Christopher 6 vuotta sitten
vanhempi
commit
a49f9a1171
4 muutettua tiedostoa jossa 31 lisäystä ja 5 poistoa
  1. 8 2
      html/core.php
  2. 1 1
      html/upload.php
  3. 10 2
      html/users.json
  4. 12 0
      html/web.config

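--- a/html/core.php
+++ b/html/core.php
@@ -176,7 +176,8 @@ function CHECK_USER(&$err){
 		
 			//	Save request username and API key.
 			$r_user = $_REQUEST['u'];
-			$r_key = $_REQUEST['k'];
+			$r_key = urldecode($_REQUEST['k']);
+			// $r_key = $_REQUEST['k'];
 			
 			//	Fetch user database and check the username and API key combination.
 			$users = GET_JSON_DATA_FROM_FILE(USERS_JSON);
@@ -189,7 +190,12 @@ function CHECK_USER(&$err){
 					
 					if ($users[$r_user]['enabled']){
 						
-						if (ARE_STRINGS_EQUAL($r_key, $users[$r_user]['api_key'], FORCE_CASE_SENSITIVE_API_KEYS)){						
+						$api_key = $users[$r_user]['api_key'];
+						
+						// echo "r=" . $r_key . "|a=" . $api_key;
+						// exit(0);
+						
+						if (ARE_STRINGS_EQUAL(urlencode($r_key), urlencode($api_key), FORCE_CASE_SENSITIVE_API_KEYS)){
 							//	ALL USER CHECKS PASS.
 							return true;
 						}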
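Review bot: `urldecode($_REQUEST['k'])` in the first hunk decodes a value that PHP already URL-decoded when it populated `$_REQUEST`, so a key containing `+` or a literal `%xx` sequence is altered before the check and the compared value is no longer the one the client sent. Wrapping both operands in `urlencode()` in the second hunk does not change whether two strings are equal, so it cannot compensate for that; if clients send badly encoded keys, it is safer to fix the encoding on the client and accept one documented form. I would keep `$r_key = $_REQUEST['k'];` (after checking that it is a string) and, if `ARE_STRINGS_EQUAL` is an ordinary string comparison (it is defined outside this page), compare the secret with `hash_equals($api_key, $r_key)` on the case-sensitive path. The commented-out `echo "r=" . $r_key . "|a=" . $api_key;` would print the stored key into the response if it were re-enabled, and should be deleted rather than committed. `CHECK_USER` starts and ends outside both hunks.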

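--- a/html/upload.php
+++ b/html/upload.php
@@ -19,7 +19,7 @@ require_once($_SERVER['DOCUMENT_ROOT'] . "/core.php");
  * Parameter		Description
  * -----------------------------------------------------------------
  * u                Username, corresponding to the user's name in the "users.json" file. Value may not be empty. Case-sensitive.
- * k                API Key, corresponding to the user's "key" value in the "users.json" file. Value may not be empty. Not case-sensitive by default but can be changed in "config.php".
+ * k                API Key, corresponding to the user's "key" value in the "users.json" file. Value may not be empty. Not case-sensitive by default but can be changed in "config.php". Not recommended to use as clients seem to send them without proper format.
  *
  */
 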

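--- a/html/users.json
+++ b/html/users.json
@@ -1,10 +1,18 @@
 {
+	"dbm": {
+		"api_key": "axdhblc5aefblo89865ahgalok5",
+		"enabled": false
+	},
+	"12865": {
+		"api_key": "ax65ahgTaohl5ebo9k5",
+		"enabled": true
+	},
 	"example": {
 		"api_key": "1234567",
-		"enabled": true
+		"enabled": false
 	},
 	"dbg": {
 		"api_key": "29081532524",
-		"enabled": true
+		"enabled": false
 	}
 }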
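Review bot: The new `dbm` and `12865` entries commit what look like live API keys in plaintext to a file under the web root, so anyone with read access to the repository or its history has them regardless of the `web.config` rule added in this commit. These keys should be treated as exposed and reissued, and `users.json` should be kept out of version control with only a placeholder sample tracked, for example `"example": { "api_key": "<placeholder>", "enabled": false }`. Storing a hash of each key instead of the key itself, and keeping the file outside the document root, would limit the damage if the file is ever served or copied.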

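--- a/html/web.config
+++ b/html/web.config
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <system.webServer>
+        <security>
+            <requestFiltering>
+                <denyUrlSequences>
+                    <add sequence="/users.json" />
+                </denyUrlSequences>
+            </requestFiltering>
+        </security>
+    </system.webServer>
+</configuration>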
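Review bot: The `denyUrlSequences` rule only takes effect where IIS request filtering processes this `web.config`; under another web server, or if the file is not deployed with the site, `/users.json` is served like any other static file. That dependency is worth stating in the file itself, e.g. `<!-- Blocks direct download of the user database. IIS only: other servers need an equivalent deny rule. -->` above `<denyUrlSequences>`. Moving the user database outside the document root would remove the reliance on server configuration altogether.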