From 951fcecb34c766ab1330f88efa8dd095618c0bf6 Mon Sep 17 00:00:00 2001
From: short <>
Date: Wed, 18 Sep 2002 11:55:28 +0000
Subject: [PATCH] REMOTE_ADDR permit: +192.168.192.1,192.168.90.11 Fixed
 "Location:" redirect urlencoding got GET redirections

---
 public_html/cgi-bin/postget.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/public_html/cgi-bin/postget.php b/public_html/cgi-bin/postget.php
index bc49678..244f682 100644
--- a/public_html/cgi-bin/postget.php
+++ b/public_html/cgi-bin/postget.php
@@ -6,7 +6,8 @@
 
 	foreach ($HTTP_GET_VARS as $key=>$val) {
 		if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
-			if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
+			$permit=array("127.0.0.1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1);
+			if (!$permit[$HTTP_SERVER_VARS["REMOTE_ADDR"]])
 				print("Forbidden:"
 						." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
 						.",key=".htmlspecialchars($key)
@@ -21,7 +22,7 @@
 	if ($getget) {
 		$first='?';
 		foreach ($HTTP_GET_VARS as $key=>$val) {
-			$where.="${first}$key=$val";
+			$where.="${first}".urlencode($key)."=".urlencode($val);
 			$first='&';
 			}
 		header("Location: $where");
-- 
1.8.3.1