[BUGFIX] Fix XSS in admin pannel
[jirafeau.git] / script.php
index 50726f2690e63af47d1da25e03345f6fe3e79256..20eafbfdbc585f2b312aee2fb622eb81564e44b9 100644 (file)
@@ -81,7 +81,6 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
             exit;
         }
     }
-    
     $key = '';
     if (isset($_POST['key'])) {
         $key = $_POST['key'];
@@ -333,17 +332,35 @@ if [ "$1" == "send" ]; then
         fi
         cnt=$(( cnt + 1 ))
         done)
+    key_code=$(cnt=0; echo "$res" | while read l; do
+        if [[ "$cnt" == "2" ]]; then
+            echo "$l"
+        fi
+        cnt=$(( cnt + 1 ))
+        done)
 
     echo
     echo "Download page:"
-    echo "    ${url}${downloadpage}?h=$code"
+    if [[ $key_code ]]; then
+        echo "    ${url}${downloadpage}?h=$code&k=$key_code"
+    else
+        echo "    ${url}${downloadpage}?h=$code"
+    fi
     echo "Direct download:"
-    echo "    ${url}${downloadpage}?h=$code&d=1"
+    if [[ $key_code ]]; then
+        echo "    ${url}${downloadpage}?h=$code&k=$key_code&d=1"
+    else
+        echo "    ${url}${downloadpage}?h=$code&d=1"
+    fi
     echo "Delete link:"
     echo "    ${url}${downloadpage}?h=$code&d=$del_code"
     echo
     echo "Download via API:"
-    echo "    ${0} get ${url}${apipage}?h=$code [PASSWORD}"
+    if [[ $key_code ]]; then
+        echo "    ${0} get ${url}${apipage}?h=$code&k=$key_code [PASSWORD}"
+    else
+        echo "    ${0} get ${url}${apipage}?h=$code [PASSWORD}"
+    fi
     echo "Delete via API:"
     echo "    ${0} delete ${url}${downloadpage}?h=$code&d=$del_code"
 
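Review bot: The new `key_code` loop reads the third line of `$res` with a bare `read l`, which trims leading and trailing whitespace and interprets backslashes, so a key containing either would be printed altered; `echo "$res" | while IFS= read -r l; do` keeps the line exactly as the server sent it. The value is then pasted unencoded after `&k=` in the three printed URLs, so if the key alphabet can include URL-reserved characters such as `+`, `&` or `=` (not visible from this hunk), the links will not round-trip and the value should be percent-encoded first. Since `k=` appears to carry the file's key in the query string, a comment above the block such as `# key_code is a secret: printed links expose it to terminal scrollback, shell history and web-server access logs` would tell users to treat the output accordingly. The enclosing `if [ "$1" == "send" ]` block starts and ends outside the hunk.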
