scratch – Diff between revs 93 and 94
Rev 93 | Rev 94 | |||
---|---|---|---|---|
Line 12... | Line 12... | |||
12 | $config = spyc_load_file('config.yaml'); |
12 | $config = spyc_load_file('config.yaml'); |
|
Line 13... | Line 13... | |||
13 | |
13 | |
|
14 | #### Script restrictions. |
14 | #### Script restrictions. |
|
15 | if( |
15 | if( |
|
16 | ( |
16 | ( |
|
17 | !isset($_SERVER['HTTP_X_REQUESTED_WITH']) || |
17 | !isset($_SERVER['HTTP_X_REQUESTED_WITH']) or |
|
18 | empty($_SERVER['HTTP_X_REQUESTED_WITH']) || |
18 | empty($_SERVER['HTTP_X_REQUESTED_WITH']) or |
|
19 | strtoupper($_SERVER['HTTP_X_REQUESTED_WITH']) != 'XMLHTTPREQUEST' |
19 | strtoupper($_SERVER['HTTP_X_REQUESTED_WITH']) != 'XMLHTTPREQUEST' |
|
20 | ) |
20 | ) |
|
21 | || |
21 | or |
|
22 | ( |
22 | ( |
|
23 | ( |
23 | ( |
|
24 | !isset($_SERVER['HTTP_REFERER']) || |
24 | !isset($_SERVER['HTTP_REFERER']) or |
|
25 | empty($_SERVER['HTTP_REFERER']) |
25 | empty($_SERVER['HTTP_REFERER']) |
|
26 | ) |
26 | ) |
|
27 | && |
27 | and |
|
28 | ( |
28 | ( |
|
29 | #strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') || |
29 | #strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') or |
|
30 | strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'TEXT.HTML') |
30 | strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'TEXT.HTML') |
|
31 | ) |
31 | ) |
|
32 | ) |
32 | ) |
|
33 | ) |
33 | ) |
|
34 | { |
34 | { |
|
35 | http_response_code(403); |
35 | http_response_code(403); |
|
36 | die('Forbidden.'); |
36 | die('Forbidden.'); |
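Review bot: The Referer group on new lines 23–31 joins its two halves with `and` (new line 27), so the comparison against `$config['URL_PATH'].'TEXT.HTML'` is only evaluated when the header is missing or empty; any non-empty Referer value passes this branch, whatever it is. If the intent is to reject requests whose Referer is absent or does not match, line 27 should read `or`, as in the X-Requested-With group above it. Both `X-Requested-With` and `Referer` are supplied by the client, so even with that fix the block is a coarse filter rather than an access control, and a comment such as `# Header checks only filter casual direct requests; they are not authentication.` would keep later readers from relying on it. The `if` body's closing brace falls after this hunk.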
|
Line -... | Line 37... | |||
- | 37 | } |
||
37 | } |
38 | |
|
- | 39 | #### Check if the fingerprint and action are set parameters. |
||
38 | |
40 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
|
39 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
41 | !preg_match('/^[A-Za-z0-9]{32}$/', $_POST['fingerprint']) or |
|
40 | !isset($_POST['action']) or empty($_POST['action'])) { |
42 | !isset($_POST['action']) or empty($_POST['action'])) { |
|
41 | http_response_code(500); |
43 | http_response_code(500); |