X-Git-Url: https://git.jankratochvil.net/?p=nethome.git;a=blobdiff_plain;f=public_html%2Fcgi-bin%2Fpostget.php;h=244f682cb1e04c83a2d1b65a65cbb5c8a3d06daf;hp=5d5e7d59eaa199ddf6d0302690542d906d438780;hb=951fcecb34c766ab1330f88efa8dd095618c0bf6;hpb=a6b490e7f3ea6e866d1786d6e6307f0ba462561e

diff --git a/public_html/cgi-bin/postget.php b/public_html/cgi-bin/postget.php
index 5d5e7d5..244f682 100644
--- a/public_html/cgi-bin/postget.php
+++ b/public_html/cgi-bin/postget.php
@@ -1,21 +1,55 @@
 <?php
+	$getget=isset($HTTP_GET_VARS["_getget"]);
+	$wherename=($getget ? "_getget" : "_postget");
+	$where=$HTTP_GET_VARS[$wherename];
+	unset($HTTP_GET_VARS[$wherename]);
+
+	foreach ($HTTP_GET_VARS as $key=>$val) {
+		if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
+			$permit=array("127.0.0.1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1);
+			if (!$permit[$HTTP_SERVER_VARS["REMOTE_ADDR"]])
+				print("Forbidden:"
+						." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
+						.",key=".htmlspecialchars($key)
+						.",val=".htmlspecialchars($val)
+						."<br />"
+						);
+			else
+				$HTTP_GET_VARS[$key]=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
+			}
+		}
+
+	if ($getget) {
+		$first='?';
+		foreach ($HTTP_GET_VARS as $key=>$val) {
+			$where.="${first}".urlencode($key)."=".urlencode($val);
+			$first='&';
+			}
+		header("Location: $where");
+		}
 	header("Content-type: text/html");
 	print('<?xml version="1.0" encoding="iso-8859-1"?>'."\n");
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head><title>postget</title></head><body onload="document.forms[0].submit();">
+<head><title>postget</title></head>
 <?php
 
-	print("<form action=\"".htmlspecialchars($HTTP_GET_VARS["_postget"])."\" method=\"post\"><p>\n");
-	unset($HTTP_GET_VARS["_postget"]);
-	foreach ($HTTP_GET_VARS as $key=>$val) {
-		if (ereg("^_priv_(postget.*)\$",$val,$matched))
-			$val=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
-		print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
+	if ($getget) {
+		print(""
+				."<body onload=\"window.location.href=document.links[0].href;\"><p>\n"
+				."<a href=\"".htmlspecialchars($where)."\">get</a>\n"
+				."</p></body>\n");
+		}
+	else {
+		print(""
+				."<body onload=\"document.forms[0].submit();\">\n"
+				."<form action=\"".htmlspecialchars($where)."\" method=\"post\"><p>\n");
+		foreach ($HTTP_GET_VARS as $key=>$val)
+			print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
+		print("<input type=\"submit\" />\n");
+		print("</p></form></body>\n");
 		}
-	print("<input type=\"submit\" />\n");
-	print("</p></form>\n");
 
 ?>
-</body></html>
+</html>