print("<form action=\"".htmlspecialchars($HTTP_GET_VARS["_postget"])."\" method=\"post\"><p>\n");
unset($HTTP_GET_VARS["_postget"]);
foreach ($HTTP_GET_VARS as $key=>$val) {
- if (ereg("^_priv_(postget.*)\$",$val,$matched))
- $val=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
+ if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
+ if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
+ print("Forbidden:"
+ ." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
+ .",key=".htmlspecialchars($key)
+ .",val=".htmlspecialchars($val)
+ ."<br />"
+ );
+ else
+ $val=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
+ }
print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
}
print("<input type=\"submit\" />\n");