Make 'path_priv' configurable.

[nethome.git] / public_html / cgi-bin / postget.php

diff --git a/public_html/cgi-bin/postget.php b/public_html/cgi-bin/postget.php
index bc49678..8ebabc7 100644 (file)
--- a/public_html/cgi-bin/postget.php
+++ b/public_html/cgi-bin/postget.php
@@ -1,4 +1,5 @@
 <?php
+       $path_priv="/home/lace/priv/";
        $getget=isset($HTTP_GET_VARS["_getget"]);
        $wherename=($getget ? "_getget" : "_postget");
        $where=$HTTP_GET_VARS[$wherename];
@@ -6,7 +7,8 @@
 
        foreach ($HTTP_GET_VARS as $key=>$val) {
                if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
-                       if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
+                       $permit=array("127.0.0.1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1,"192.168.90.12"=>1);
+                       if (!$permit[$HTTP_SERVER_VARS["REMOTE_ADDR"]])
                                print("Forbidden:"
                                                ." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
                                                .",key=".htmlspecialchars($key)
@@ -14,14 +16,14 @@
                                                ."<br />"
                                                );
                        else
-                               $HTTP_GET_VARS[$key]=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
+                               $HTTP_GET_VARS[$key]=chop(join(" ",file($path_priv.$matched[1],false/*use_include_path*/)));
                        }
                }
 
        if ($getget) {
                $first='?';
                foreach ($HTTP_GET_VARS as $key=>$val) {
-                       $where.="${first}$key=$val";
+                       $where.="${first}".urlencode($key)."=".urlencode($val);
                        $first='&';
                        }
                header("Location: $where");