<?php
+ $path_priv="/home/lace/priv/";
+ $getget=isset($_REQUEST["_getget"]);
+ $wherename=($getget ? "_getget" : "_postget");
+ $where=$_REQUEST[$wherename];
+ unset($_REQUEST[$wherename]);
+
+ foreach ($_REQUEST as $key=>$val) {
+ if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
+ $permit=array("127.0.0.1"=>1,"::1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1,"192.168.90.12"=>1);
+ if (!$permit[$_SERVER["REMOTE_ADDR"]])
+ print("Forbidden:"
+ ." REMOTE_ADDR=".htmlspecialchars($_SERVER["REMOTE_ADDR"])
+ .",key=".htmlspecialchars($key)
+ .",val=".htmlspecialchars($val)
+ ."<br />"
+ );
+ elseif ($matched[1]=="postget.time()") {
+ // At least 2 - time slip?
+ $_REQUEST[$key]=time()-131-60;
+ }
+ else
+ $_REQUEST[$key]=chop(join(" ",file($path_priv.$matched[1],false/*use_include_path*/)));
+ }
+ }
+
+ if ($getget) {
+ $first='?';
+ foreach ($_REQUEST as $key=>$val) {
+ $where.="${first}".urlencode($key)."=".urlencode($val);
+ $first='&';
+ }
+ header("Location: $where");
+ }
header("Content-type: text/html");
print('<?xml version="1.0" encoding="iso-8859-1"?>'."\n");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head><title>postget</title></head><body onload="document.forms[0].submit();">
+<head><title>postget</title></head>
<?php
- print("<form action=\"".htmlspecialchars($HTTP_GET_VARS["_postget"])."\" method=\"post\"><p>\n");
- unset($HTTP_GET_VARS["_postget"]);
- foreach ($HTTP_GET_VARS as $key=>$val) {
- if (ereg("^_priv_(postget.*)\$",$val,$matched))
- $val=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
- print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
+ if ($getget) {
+ print(""
+ ."<body onload=\"window.location.href=document.links[0].href;\"><p>\n"
+ ."<a href=\"".htmlspecialchars($where)."\">get</a>\n"
+ ."</p></body>\n");
+ }
+ else {
+ print(""
+ ."<body onload=\"document.forms[0].submit();\">\n"
+ ."<form action=\"".htmlspecialchars($where)."\" method=\"post\"><p>\n");
+ foreach ($_REQUEST as $key=>$val)
+ print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
+ print("<input type=\"submit\" />\n");
+ print("</p></form></body>\n");
}
- print("<input type=\"submit\" />\n");
- print("</p></form>\n");
?>
-</body></html>
+</html>