X-Git-Url: https://git.jankratochvil.net/?p=nethome.git;a=blobdiff_plain;f=public_html%2Fcgi-bin%2Fpostget.php;h=8ebabc756ad7b96a1a503ec613a8f195c1f7f9fa;hp=bc49678068da526ae5ef418786f6e0ce342db2e5;hb=313036166b0eae851bbf36730186752cfaa2956d;hpb=01d79ab597ddd1281d51625a057496fa564aafbe

diff --git a/public_html/cgi-bin/postget.php b/public_html/cgi-bin/postget.php
index bc49678..8ebabc7 100644
--- a/public_html/cgi-bin/postget.php
+++ b/public_html/cgi-bin/postget.php
@@ -1,4 +1,5 @@
 <?php
+	$path_priv="/home/lace/priv/";
 	$getget=isset($HTTP_GET_VARS["_getget"]);
 	$wherename=($getget ? "_getget" : "_postget");
 	$where=$HTTP_GET_VARS[$wherename];
@@ -6,7 +7,8 @@
 
 	foreach ($HTTP_GET_VARS as $key=>$val) {
 		if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
-			if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
+			$permit=array("127.0.0.1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1,"192.168.90.12"=>1);
+			if (!$permit[$HTTP_SERVER_VARS["REMOTE_ADDR"]])
 				print("Forbidden:"
 						." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
 						.",key=".htmlspecialchars($key)
@@ -14,14 +16,14 @@
 						."<br />"
 						);
 			else
-				$HTTP_GET_VARS[$key]=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
+				$HTTP_GET_VARS[$key]=chop(join(" ",file($path_priv.$matched[1],false/*use_include_path*/)));
 			}
 		}
 
 	if ($getget) {
 		$first='?';
 		foreach ($HTTP_GET_VARS as $key=>$val) {
-			$where.="${first}$key=$val";
+			$where.="${first}".urlencode($key)."=".urlencode($val);
 			$first='&';
 			}
 		header("Location: $where");