+ $getget=isset($HTTP_GET_VARS["_getget"]);
+ $wherename=($getget ? "_getget" : "_postget");
+ $where=$HTTP_GET_VARS[$wherename];
+ unset($HTTP_GET_VARS[$wherename]);
+
+ foreach ($HTTP_GET_VARS as $key=>$val) {
+ if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
+ $permit=array("127.0.0.1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1);
+ if (!$permit[$HTTP_SERVER_VARS["REMOTE_ADDR"]])
+ print("Forbidden:"
+ ." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
+ .",key=".htmlspecialchars($key)
+ .",val=".htmlspecialchars($val)
+ ."<br />"
+ );
+ else
+ $HTTP_GET_VARS[$key]=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
+ }
+ }
+
+ if ($getget) {
+ $first='?';
+ foreach ($HTTP_GET_VARS as $key=>$val) {
+ $where.="${first}".urlencode($key)."=".urlencode($val);
+ $first='&';
+ }
+ header("Location: $where");
+ }