X-Git-Url: https://git.p6c8.net/jirafeau.git/blobdiff_plain/6b28d8973d9d57cae8a4d1f52ec5556cbfce1840..9fb59d5f9af3618e443aba9cc459f4bc682ccceb:/script.php?ds=sidebyside

diff --git a/script.php b/script.php
index 2409f1b..19f14a8 100755
--- a/script.php
+++ b/script.php
@@ -25,7 +25,7 @@
 
 define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/');
 
-require (JIRAFEAU_ROOT . 'lib/config.php');
+require (JIRAFEAU_ROOT . 'lib/config.original.php');
 require (JIRAFEAU_ROOT . 'lib/settings.php');
 require (JIRAFEAU_ROOT . 'lib/functions.php');
 require (JIRAFEAU_ROOT . 'lib/lang.php');
@@ -36,7 +36,9 @@ require (JIRAFEAU_ROOT . 'lib/lang.php');
 /* Operations may take a long time.
  * Be sure PHP's safe mode is off.
  */
- set_time_limit(0);
+@set_time_limit(0);
+/* Remove errors. */
+@error_reporting(0);
 
 if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0)
 {
@@ -261,6 +263,12 @@ if (has_error ())
 if (isset ($_FILES['file']) && is_writable (VAR_FILES)
     && is_writable (VAR_LINKS))
 {
+    if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))
+    {
+        echo "Error";
+        exit;
+    }
+
     $key = '';
     if (isset ($_POST['key']))
         $key = $_POST['key'];
@@ -319,7 +327,7 @@ elseif (isset ($_GET['h']))
     if (isset ($_GET['d']))
         $d = $_GET['d'];
     
-    if (!preg_match ('/[0-9a-zA-Z_-]{22}$/', $link_name))
+    if (!preg_match ('/[0-9a-zA-Z_-]+$/', $link_name))
     {
         echo "Error";
         exit;
@@ -521,6 +529,12 @@ fi
 /* Initialize an asynchronous upload. */
 elseif (isset ($_GET['init_async']))
 {
+    if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))
+    {
+        echo "Error";
+        exit;
+    }
+
     if (!isset ($_POST['filename']))
     {
         echo "Error";
@@ -589,6 +603,12 @@ elseif (isset ($_GET['end_async']))
 /* Initialize block. */
 elseif (isset ($_GET['init_block']) && $cfg['enable_blocks'])
 {
+    if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))
+    {
+        echo "Error";
+        exit;
+    }
+
     if (!isset ($_POST['size']))
         echo "Error";
     else