scratch – Diff between revs 67 and 81
Rev 67 | Rev 81 | |||
Line 11... | Line 11... | |||
11 | ### Load configuration. |
11 | ### Load configuration. |
|
12 | $config = spyc_load_file('config.yaml'); |
12 | $config = spyc_load_file('config.yaml'); |
|
Line 13... | Line 13... | |||
13 | |
13 | |
|
14 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
14 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
|
15 | !isset($_POST['action']) or empty($_POST['action'])) { |
15 | !isset($_POST['action']) or empty($_POST['action'])) { |
|
16 | header('Internal server error.', true, 500); |
16 | http_response_code(500); |
|
17 | return; |
17 | die('Internal server error.'); |
|
Line 18... | Line 18... | |||
18 | } |
18 | } |
|
19 | |
19 | |
|
20 | #### Check fingerprint consistency. |
20 | #### Check fingerprint consistency. |
|
21 | $fingerprint = strtoupper($_POST['fingerprint']); |
21 | $fingerprint = strtoupper($_POST['fingerprint']); |
|
22 | if(strlen($fingerprint) !== 32) { |
22 | if(strlen($fingerprint) !== 32) { |
|
23 | header('Internal server error.', true, 500); |
23 | http_response_code(500); |
|
Line 24... | Line 24... | |||
24 | return; |
24 | die('Internal server error.'); |
|
Line 25... | Line 25... | |||
25 | } |
25 | } |
|
26 | |
26 | |
|
27 | $action = strtoupper($_POST['action']); |
27 | $action = strtoupper($_POST['action']); |
|
28 | |
28 | |
|
29 | #### Data must be sent in order to save a file. |
29 | #### Data must be sent in order to save a file. |
|
Line 30... | Line 30... | |||
30 | if($action === 'SAVE' and !isset($_POST['data'])) { |
30 | if($action === 'SAVE' and !isset($_POST['data'])) { |
|
31 | header('Internal server error.', true, 500); |
31 | http_response_code(500); |
|
32 | return; |
32 | die('Internal server error.'); |
|
Line 58... | Line 58... | |||
58 | |
58 | |
|
59 | #### Check for path traversals |
59 | #### Check for path traversals |
|
60 | $pathPart = pathinfo($userPath.'.html'); |
60 | $pathPart = pathinfo($userPath.'.html'); |
|
61 | if (strcasecmp( |
61 | if (strcasecmp( |
|
62 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
62 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
|
63 | header('Internal server error.', true, 500); |
63 | http_response_code(500); |
|
64 | return; |
64 | die('Internal server error.'); |
|
Line 65... | Line 65... | |||
65 | } |
65 | } |
|
66 | |
66 | |
|
67 | switch($action) { |
67 | switch($action) { |