From: short <>
Date: Mon, 1 Oct 2001 18:18:43 +0000 (+0000)
Subject: "~/priv/postget*" files are now protected by $REMOTE_ADDR=="127.0.0.1"
X-Git-Tag: rh72~32
X-Git-Url: https://git.jankratochvil.net/?p=nethome.git;a=commitdiff_plain;h=be5f85b19ee36d0b2b5e1ce2cc5a31757c98d26e

"~/priv/postget*" files are now protected by $REMOTE_ADDR=="127.0.0.1"
---

diff --git a/public_html/cgi-bin/postget.php b/public_html/cgi-bin/postget.php
index 5d5e7d5..a95466a 100644
--- a/public_html/cgi-bin/postget.php
+++ b/public_html/cgi-bin/postget.php
@@ -10,8 +10,17 @@
 	print("<form action=\"".htmlspecialchars($HTTP_GET_VARS["_postget"])."\" method=\"post\"><p>\n");
 	unset($HTTP_GET_VARS["_postget"]);
 	foreach ($HTTP_GET_VARS as $key=>$val) {
-		if (ereg("^_priv_(postget.*)\$",$val,$matched))
-			$val=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
+		if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
+			if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
+				print("Forbidden:"
+						." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
+						.",key=".htmlspecialchars($key)
+						.",val=".htmlspecialchars($val)
+						."<br />"
+						);
+			else
+				$val=chop(join(" ",file("/home/short/priv/".$matched[1],false/*use_include_path*/)));
+			}
 		print("<input type=\"hidden\" name=\"".htmlspecialchars($key)."\" value=\"".htmlspecialchars($val)."\" />\n");
 		}
 	print("<input type=\"submit\" />\n");