public_html/cgi-bin/postget.php

   1 <?php
   2         $getget=isset($HTTP_GET_VARS["_getget"]);
   3         $wherename=($getget ? "_getget" : "_postget");
   4         $where=$HTTP_GET_VARS[$wherename];
   5         unset($HTTP_GET_VARS[$wherename]);
   6
   7         foreach ($HTTP_GET_VARS as $key=>$val) {
   8                 if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
   9                         if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
  10                                 print("Forbidden:"
  11                                                 ." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
  12                                                 .",key=".htmlspecialchars($key)
  13                                                 .",val=".htmlspecialchars($val)
  14                                                 ."<br />"
  15                                                 );
  16                         else
  17                                 $HTTP_GET_VARS[$key]=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
  18                         }
  19                 }
  20
  21         if ($getget) {
  22                 $first='?';
  23                 foreach ($HTTP_GET_VARS as $key=>$val) {
  24                         $where.="${first}$key=$val";
  25                         $first='&';
  26                         }
  27                 header("Location: $where");
  28                 }
  29         header("Content-type: text/html");
  30         print('<?xml version="1.0" encoding="iso-8859-1"?>'."\n");
  31 ?>
  32 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  33 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  34 <head><title>postget</title></head>
  35 <?php
  36
  37         if ($getget) {
  38                 print(""
  39                                 ."<body onload=\"window.location.href=document.links[0].href;\"><p>\n"
  40                                 ."<a href=\"".htmlspecialchars($where)."\">get</a>\n"
  41                                 ."</p></body>\n");
  42                 }
  43         else {
  44                 print(""
  45                                 ."<body onload=\"document.forms[0].submit();\">\n"
  46                                 ."<form action=\"".htmlspecialchars($where)."\" method=\"post\"><p>\n");
  47                 foreach ($HTTP_GET_VARS as $key=>$val)
  48                         print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
  49                 print("<input type=\"submit\" />\n");
  50                 print("</p></form></body>\n");
  51                 }
  52
  53 ?>
  54 </html>