scratch – Diff between revs 94 and 96
Rev 94 | Rev 96 | |||
---|---|---|---|---|
Line 13... | Line 13... | |||
13 | |
13 | |
|
14 | #### POST -> upload / GET -> download |
14 | #### POST -> upload / GET -> download |
|
15 | switch ($_SERVER['REQUEST_METHOD']) { |
15 | switch ($_SERVER['REQUEST_METHOD']) { |
|
16 | case 'POST': |
16 | case 'POST': |
|
17 | #### Script restrictions. |
- | ||
18 | if( |
- | ||
19 | ( |
- | ||
20 | !isset($_SERVER['HTTP_X_REQUESTED_WITH']) or |
- | ||
21 | empty($_SERVER['HTTP_X_REQUESTED_WITH']) or |
- | ||
22 | strtoupper($_SERVER['HTTP_X_REQUESTED_WITH']) != 'XMLHTTPREQUEST' |
- | ||
23 | ) |
- | ||
24 | or |
- | ||
25 | ( |
- | ||
26 | ( |
- | ||
27 | !isset($_SERVER['HTTP_REFERER']) or |
- | ||
28 | empty($_SERVER['HTTP_REFERER']) |
- | ||
29 | ) |
17 | #### Script restrictions. |
|
30 | and |
- | ||
31 | ( |
18 | session_start(); |
|
32 | strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') or |
- | ||
33 | strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'TEXT.HTML') |
- | ||
34 | ) |
- | ||
35 | ) |
- | ||
36 | ) |
- | ||
37 | { |
19 | if (empty($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) { |
|
38 | http_response_code(403); |
20 | http_response_code(403); |
|
39 | die('Forbidden.'); |
21 | die('Forbidden.'); |
|
40 | } |
22 | } |
|
41 | #### Retrieve uploaded file. |
23 | #### Retrieve uploaded file. |
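Review bot: The new check at line 19 passes `$_SESSION['token']` and `$_POST['token']` straight into `hash_equals()` without confirming either is a string: on a session that never received a token the first argument is null, and a client can send `token[]=x` to make the second an array, which depending on the PHP version yields a warning or deprecation notice with a `false` result, or a TypeError that turns the intended 403 into an unhandled 500. A guard such as `if (empty($_SESSION['token']) || !is_string($_POST['token'] ?? null) || !hash_equals($_SESSION['token'], $_POST['token'])) {` keeps the failure path on the 403 branch. The `empty()` test also rejects a legitimate token of `"0"`, so a string check is preferable if the token format is ever non-hex. Where `$_SESSION['token']` is generated is outside this hunk, so its entropy source cannot be confirmed from here; the enclosing `switch` block also continues past the visible lines.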