authorroot2014-02-17 23:41:27 +0100
committerroot2014-02-17 23:41:27 +0100
commitd955e7b3df670ec8d849b2301e217c963503462e (patch)
treeb4f1a2ee99fb7331919528e70a19877c78b89aff /www
parentcfec6f3f7711cc4a9551dedc0455e6fabf07ae48 (diff)
downloadfiles.iamfabulous.de-d955e7b3df670ec8d849b2301e217c963503462e.tar.gz
Now you can create folders without DoS
Diffstat (limited to 'www')
-rw-r--r--www/createfolder.php71
-rw-r--r--www/register.php2
2 files changed, 39 insertions, 34 deletions
diff --git a/www/createfolder.php b/www/createfolder.php
index cfcf4b2..b99a033 100644
--- a/www/createfolder.php
+++ b/www/createfolder.php
@@ -10,61 +10,65 @@ if(!$_SESSION["login"]){
if($_SERVER['REQUEST_METHOD'] == 'POST'){
function database_error(){
- echo "Database error!"
+ echo "Database error!";
exit;
}
$folder=$_POST["folder"];
- $name = $_SESSION["username"];
+ $name = $_POST["username"];
$public = SQLite3::escapeString("$_POST[public]");
- $pwd = SQLite3::escapeString("$_POST[pdw]");
+ $pwd_unsafe = $_POST["pwd"];
+ $pwd = SQLite3::escapeString("$pwd_unsafe");
$type = SQLite3::escapeString("$_POST[type]");
- if(preg_match("/^//", $folder)){
+
+ if(preg_match("/^\//", $folder)){
$absolutpath = true;
+ $k=1;
} else {
$absolutpath = false;
}
+
$folder_array_unsafe = explode("/",$folder);
- $length = count($folder);
+ $length = count($folder_array_unsafe);
$db = new SQLite3("../database/sqlite.db");
- $k=1;
-
- for($i=0; $i++; $i<$length){
- $folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]");
- if($absolutpath){
- if(db->exec("
- BEGIN TRANSACTION;
- INSERT INTO $name (id, folder, name, type, public) VALUES (NULL, $k, $folder_array[$i], '$type', '$public');
- COMMIT;
- ")){
- $primary_key_db = $db->query("SELECT id FROM $name WHERE name='$folder_array[$i]");
+ for($i=0; $i<$length; $i++){
+ if(!empty($folder_array_unsafe[$i])){
+ $folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]");
+ if($absolutpath){
+ if($db->exec("
+ INSERT INTO $name (id, folder, name, type, public) VALUES (NULL, $k, '$folder_array[$i]', '$type', '$public');
+ ")){
+ $primary_key_db = $db->query("SELECT id FROM $name WHERE name='$folder_array[$i]'");
+ $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
+ $primary_key = $primary_key_ar[0];
+ $k=$primary_key;
+ } else {
+ database_error();
+ }
+ } else {
+ $primary_key_db = $db->query("SELECT id FROM $name WHERE name='$pwd'");
$primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
$primary_key = $primary_key_ar[0];
- $k=$primary_key;
- } else {
- database_error();
- }
- } else {
- $primary_key_db = $db->query("SELECT id FROM $name WHERE name='$pwd'");
- $primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
- $primary_key = $primary_key_ar[0];
- if(db->exec("
- BEGIN TRANSACTION;
- INSERT INTO $name (id, folder, name, type, public) VALUES (NULL, $primary_key, '$folder_array[$i]', '$type', '$public');
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO $name (id, folder, name, type, public) VALUES (NULL, $primary_key, '$folder_array[$i]', '$type', '$public');
COMMIT;
- ")){
- $pwd='$folder_array[$i]';
- } else {
- database_error();
+ ")){
+ $pwd='$folder_array[$i]';
+ } else {
+ database_error();
+ }
}
}
-
+
}
- echo "END";
+
+ header("Refresh: 0; /$name");
+
} else {
echo "Hallo $name
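Review bot: `$name = $_POST["username"];` makes the per-user table name client-controlled, and it is interpolated unescaped into every `INSERT INTO $name` / `SELECT id FROM $name` in this hunk and into `header("Refresh: 0; /$name")`. The session check above no longer binds the request to the logged-in user's table, and the identifier position is open to SQL injection, which `SQLite3::escapeString` would not prevent even if it were applied, since it only protects quoted string literals. Keep the server-side value, `$name = $_SESSION["username"];`, drop the hidden `username` input added in the second hunk, and check the name against a strict allow-list pattern before using it as a table name. Separately, `$pwd='$folder_array[$i]';` is single-quoted, so it stores the literal text rather than the folder name and the next relative-path lookup `WHERE name='$pwd'` cannot find the parent. The `else` branch's `echo` string continues past the end of this hunk.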
@@ -72,6 +76,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){
<p> Folder: <input type='text' name='folder'></p>
<p> Public? <input type='text' name='public'></p>
<p> pwd: <input type='text' name='pwd'></p>
+ <input type='hidden' name='username' value='$_SESSION[username]'>
<input type='hidden' name='type' value='FOLDER'>
<input type='submit' name='submit' value='invite'>
</form>";
diff --git a/www/register.php b/www/register.php
index 5322df8..5145f04 100644
--- a/www/register.php
+++ b/www/register.php
@@ -57,7 +57,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') {
BEGIN TRANSACTION;
UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', status=1, invites=5 WHERE email='$safe_email';
CREATE TABLE $safe_name (id INTEGER PRIMARY KEY, folder INTEGER, name TEXT, type TEXT, public TEXT);
- INSERT INTO $safe_name (id, folder, name, typ, public) VALUES (NULL, 0, '/', 'FOLDER', 'HIDDEN');
+ INSERT INTO $safe_name (id, folder, name, type, public) VALUES (NULL, 0, '/', 'FOLDER', 'HIDDEN');
COMMIT;")
){
$_SESSION["login"] = true;