X-Git-Url: https://git.jankratochvil.net/?p=nethome.git;a=blobdiff_plain;f=public_html%2Fcgi-bin%2Fpostget.php;h=244f682cb1e04c83a2d1b65a65cbb5c8a3d06daf;hp=bc49678068da526ae5ef418786f6e0ce342db2e5;hb=951fcecb34c766ab1330f88efa8dd095618c0bf6;hpb=01d79ab597ddd1281d51625a057496fa564aafbe;ds=sidebyside

diff --git a/public_html/cgi-bin/postget.php b/public_html/cgi-bin/postget.php
index bc49678..244f682 100644
--- a/public_html/cgi-bin/postget.php
+++ b/public_html/cgi-bin/postget.php
@@ -6,7 +6,8 @@
 
 	foreach ($HTTP_GET_VARS as $key=>$val) {
 		if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
-			if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
+			$permit=array("127.0.0.1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1);
+			if (!$permit[$HTTP_SERVER_VARS["REMOTE_ADDR"]])
 				print("Forbidden:"
 						." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
 						.",key=".htmlspecialchars($key)
@@ -21,7 +22,7 @@
 	if ($getget) {
 		$first='?';
 		foreach ($HTTP_GET_VARS as $key=>$val) {
-			$where.="${first}$key=$val";
+			$where.="${first}".urlencode($key)."=".urlencode($val);
 			$first='&';
 			}
 		header("Location: $where");