"~/priv/postget*" files are now protected by $REMOTE_ADDR=="127.0.0.1"
authorshort <>
Mon, 1 Oct 2001 18:18:43 +0000 (18:18 +0000)
committershort <>
Mon, 1 Oct 2001 18:18:43 +0000 (18:18 +0000)
public_html/cgi-bin/postget.php

index 5d5e7d5..a95466a 100644 (file)
        print("<form action=\"".htmlspecialchars($HTTP_GET_VARS["_postget"])."\" method=\"post\"><p>\n");
        unset($HTTP_GET_VARS["_postget"]);
        foreach ($HTTP_GET_VARS as $key=>$val) {
-               if (ereg("^_priv_(postget.*)\$",$val,$matched))
-                       $val=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
+               if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
+                       if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
+                               print("Forbidden:"
+                                               ." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
+                                               .",key=".htmlspecialchars($key)
+                                               .",val=".htmlspecialchars($val)
+                                               ."<br />"
+                                               );
+                       else
+                               $val=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
+                       }
                print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
                }
        print("<input type=\"submit\" />\n");
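Review bot: The new `ereg` line still captures `postget.*`, so the name appended to `/home/short/priv/` is not limited to a plain file name and may contain `/`, which leaves the loopback test as the only thing confining what `file()` reads. Restricting the capture, e.g. `if (ereg("^_priv_(postget[A-Za-z0-9_.-]*)\$",$val,$matched)) {`, keeps the read to files directly inside that directory regardless of who is calling. The REMOTE_ADDR comparison also deserves a comment stating its assumption: if this script is ever served through a reverse proxy on the same host, every client would presumably arrive as 127.0.0.1. Separately, the form's `action` is taken from `_postget`, so the substituted private value is posted to whatever target the request named; checking that target against a short allowlist before substituting would bound where the value can go. On the denied branch the hidden input is still emitted with the raw `_priv_…` placeholder, and the enclosing block begins and ends outside this hunk, so whether that is intended cannot be confirmed from here.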