scratch – Diff between revs 50 and 53

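--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,73 +1,78 @@
 <?php
 
 ###########################################################################
 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
 ###########################################################################
-
-header('Content-Type: text/html; charset=utf-8');
-header('Cache-Control: no-cache, no-store, must-revalidate');
-header('Pragma: no-cache');
-header('Expires: 0');
 
 require_once('inc/pseudocrypt.php');
 require_once('inc/functions.php');
 require_once('config.php');
 
 if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or
 !isset($_POST['action']) or empty($_POST['action']))
 return;
 
 #### Check fingerprint consistency.
 $fingerprint = strtoupper($_POST['fingerprint']);
 if(strlen($fingerprint) !== 32)
 return;
 
 $action = strtoupper($_POST['action']);
 
 #### Data must be sent in order to save a file.
 if($action === 'SAVE' and !isset($_POST['data']))
 return;
 
 #### Hash fingerprint.
 $file = strtolower(
 PseudoCrypt::hash(
 preg_replace(
 '/\D/',
 '',
 hash(
 'sha512',
 $fingerprint
 )
 ),
 $ASSET_HASH_SIZE
 )
 );
 
 #### Build the user path.
 $userPath = join(
 DIRECTORY_SEPARATOR,
 array(
 $STORE_FOLDER,
 $file
 )
 );
 
 #### Check for path traversals
 $pathPart = pathinfo($userPath.'.html');
 if (strcasecmp(
 realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0)
 return;
 
 switch($action) {
 case 'SAVE':
 #### Store the file.
 atomized_put_contents($userPath.'.html', $_POST['data']);
 break;
 case 'LOAD':
 if(!file_exists($userPath.'.html'))
 return;
+### Set no-cache
+header('Content-Type: text/html; charset=utf-8');
+header('Cache-Control: no-cache, no-store, must-revalidate');
+header('Pragma: no-cache');
+header('Expires: 0');
+### Open MIME info database and send the content type.
+header('Content-type: text/html');
+### Send the file along with the inline content disposition.
+header('Content-length: '.(int)get_file_size($userPath.'.html'));
+header('Content-Disposition: inline; filename="' . basename($userPath.'.html') . '"');
-echo atomized_get_contents($userPath.'.html');
+header('X-Sendfile: '.$userPath.'.html');
 break;
 }
 
 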
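Review bot: `header('Content-type: text/html');` at new line 70 replaces the `Content-Type: text/html; charset=utf-8` header sent at new line 65 (header() overwrites a same-named header by default and header names are compared case-insensitively), so the response loses its declared charset, and the comment about opening a MIME info database does not describe what the hard-coded line does; drop line 70 together with its comment. Because the file being served is the verbatim `$_POST['data']` written in the SAVE branch and is now returned as text/html from this origin, adding `header('X-Content-Type-Options: nosniff');` next to the cache headers would at least stop content sniffing of that body. The `X-Sendfile` header at new line 74 only produces a body when the web server has an X-Sendfile handler enabled; if it does not, nothing replaces the removed echo and the client receives an empty response carrying the server-side storage path in a header, so the deployment requirement should be stated in a comment at that line.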