git://git.jankratochvil.net
/
nethome.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Support IPv6.
[nethome.git]
/
public_html
/
cgi-bin
/
postget.php
diff --git
a/public_html/cgi-bin/postget.php
b/public_html/cgi-bin/postget.php
index
bc49678
..
2975031
100644
(file)
--- a/
public_html/cgi-bin/postget.php
+++ b/
public_html/cgi-bin/postget.php
@@
-1,27
+1,33
@@
<?php
<?php
- $getget=isset($HTTP_GET_VARS["_getget"]);
+ $path_priv="/home/lace/priv/";
+ $getget=isset($_REQUEST["_getget"]);
$wherename=($getget ? "_getget" : "_postget");
$wherename=($getget ? "_getget" : "_postget");
- $where=$
HTTP_GET_VARS
[$wherename];
- unset($
HTTP_GET_VARS
[$wherename]);
+ $where=$
_REQUEST
[$wherename];
+ unset($
_REQUEST
[$wherename]);
- foreach ($
HTTP_GET_VARS
as $key=>$val) {
+ foreach ($
_REQUEST
as $key=>$val) {
if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
- if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
+ $permit=array("127.0.0.1"=>1,"::1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1,"192.168.90.12"=>1);
+ if (!$permit[$_SERVER["REMOTE_ADDR"]])
print("Forbidden:"
print("Forbidden:"
- ." REMOTE_ADDR=".htmlspecialchars($
HTTP_SERVER_VARS
["REMOTE_ADDR"])
+ ." REMOTE_ADDR=".htmlspecialchars($
_SERVER
["REMOTE_ADDR"])
.",key=".htmlspecialchars($key)
.",val=".htmlspecialchars($val)
."<br />"
);
.",key=".htmlspecialchars($key)
.",val=".htmlspecialchars($val)
."<br />"
);
+ elseif ($matched[1]=="postget.time()") {
+ // At least 2 - time slip?
+ $_REQUEST[$key]=time()-131-60;
+ }
else
else
- $
HTTP_GET_VARS[$key]=chop(join(" ",file("/home/short/priv/"
.$matched[1],false/*use_include_path*/)));
+ $
_REQUEST[$key]=chop(join(" ",file($path_priv
.$matched[1],false/*use_include_path*/)));
}
}
if ($getget) {
$first='?';
}
}
if ($getget) {
$first='?';
- foreach ($
HTTP_GET_VARS
as $key=>$val) {
- $where.="${first}
$key=$val"
;
+ foreach ($
_REQUEST
as $key=>$val) {
+ $where.="${first}
".urlencode($key)."=".urlencode($val)
;
$first='&';
}
header("Location: $where");
$first='&';
}
header("Location: $where");
@@
-44,7
+50,7
@@
print(""
."<body onload=\"document.forms[0].submit();\">\n"
."<form action=\"".htmlspecialchars($where)."\" method=\"post\"><p>\n");
print(""
."<body onload=\"document.forms[0].submit();\">\n"
."<form action=\"".htmlspecialchars($where)."\" method=\"post\"><p>\n");
- foreach ($
HTTP_GET_VARS
as $key=>$val)
+ foreach ($
_REQUEST
as $key=>$val)
print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
print("<input type=\"submit\" />\n");
print("</p></form></body>\n");
print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
print("<input type=\"submit\" />\n");
print("</p></form></body>\n");