REMOTE_ADDR permit: +192.168.192.1,192.168.90.11

[nethome.git] / public_html / cgi-bin / postget.php

diff --git a/public_html/cgi-bin/postget.php b/public_html/cgi-bin/postget.php
index bc49678..244f682 100644 (file)
--- a/public_html/cgi-bin/postget.php
+++ b/public_html/cgi-bin/postget.php
@@ -6,7 +6,8 @@
 
        foreach ($HTTP_GET_VARS as $key=>$val) {
                if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
-                       if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
+                       $permit=array("127.0.0.1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1);
+                       if (!$permit[$HTTP_SERVER_VARS["REMOTE_ADDR"]])
                                print("Forbidden:"
                                                ." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
                                                .",key=".htmlspecialchars($key)
@@ -21,7 +22,7 @@
        if ($getget) {
                $first='?';
                foreach ($HTTP_GET_VARS as $key=>$val) {
-                       $where.="${first}$key=$val";
+                       $where.="${first}".urlencode($key)."=".urlencode($val);
                        $first='&';
                        }
                header("Location: $where");