diff options
| author | uckelman <uckelman@nomic.net> | 2010-05-10 21:29:11 +0000 |
|---|---|---|
| committer | uckelman <uckelman@nomic.net> | 2010-05-10 21:29:11 +0000 |
| commit | da01ded2f61ae81eb6fc10d25a4cd42d07f470f8 (patch) | |
| tree | 8bd48d2d216ebefe3f003df1b40b303ac141780b /src | |
| parent | d24f1c91acfab85cddd72a5155acd2dc87ba060d (diff) | |
Refactored.
git-svn-id: https://vassalengine.svn.sourceforge.net/svnroot/vassalengine/site-src/trunk@6846 67b53d14-2c14-4ace-a08f-0dab2b34000c
Diffstat (limited to 'src')
| -rw-r--r-- | src/attachment_writer.php | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/attachment_writer.php b/src/attachment_writer.php index bd00b14..d65b8dc 100644 --- a/src/attachment_writer.php +++ b/src/attachment_writer.php @@ -1,15 +1,23 @@ <?php +$password = ''; +$attach_dir = '/var/www/forum/files'; + +# All requests should be local, since they come from the list post script. +if ($_SERVER['SERVER_ADDR'] != $_SERVER['REMOTE_ADDR']) { + die('Client address is not local'); +} + +# Check the password if (!array_key_exists('password', $_POST)) { die('No password given'); } -if ($_POST['password'] != 'foo') { +if ($_POST['password'] != $password) { die('Incorrect password'); } -$attach_dir = '/var/www/forum/files'; - +# Process each attachment foreach ($_FILES as $file) { # Check for errors switch ($file['error']) { @@ -30,7 +38,7 @@ foreach ($_FILES as $file) { case UPLOAD_ERR_EXTENSION: die('Error UPLOAD_ERR_EXTENSION: ' . $file['name']); default: - die('Unrecognized error code: ' . $file['error'] . ' ' $file['name']); + die('Unrecognized error code: ' . $file['error'] . ' ' . $file['name']); } # Don't continue if the name isn't what phpBB expects |