public_html/cgi-bin/postget.php

   1 <?php
   2         header("Content-type: text/html");
   3         print('<?xml version="1.0" encoding="iso-8859-1"?>'."\n");
   4 ?>
   5 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   6 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   7 <head><title>postget</title></head><body onload="document.forms[0].submit();">
   8 <?php
   9
  10         print("<form action=\"".htmlspecialchars($HTTP_GET_VARS["_postget"])."\" method=\"post\"><p>\n");
  11         unset($HTTP_GET_VARS["_postget"]);
  12         foreach ($HTTP_GET_VARS as $key=>$val) {
  13                 if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
  14                         if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
  15                                 print("Forbidden:"
  16                                                 ." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
  17                                                 .",key=".htmlspecialchars($key)
  18                                                 .",val=".htmlspecialchars($val)
  19                                                 ."<br />"
  20                                                 );
  21                         else
  22                                 $val=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
  23                         }
  24                 print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
  25                 }
  26         print("<input type=\"submit\" />\n");
  27         print("</p></form>\n");
  28
  29 ?>
  30 </body></html>