continue;
/* Filter. */
- if (!empty ($name) && !preg_match ("/$name/i", $l['file_name']))
+ if (!empty ($name) && !preg_match ("/$name/i", htmlspecialchars($l['file_name'])))
continue;
if (!empty ($file_hash) && $file_hash != $l['md5'])
continue;
'<form action = "admin.php" method = "post">' .
'<input type = "hidden" name = "action" value = "download"/>' .
'<input type = "hidden" name = "link" value = "' . $node . '"/>' .
- '<input type = "submit" value = "' . $l['file_name'] . '" />' .
+ '<input type = "submit" value = "' . htmlspecialchars($l['file_name']) . '" />' .
'</form>';
echo '</td>';
echo '<td>' . $l['mime_type'] . '</td>';
return false;
}
+/**
+ * Get the ip address of the client from REMOTE_ADDR
+ * or from HTTP_X_FORWARDED_FOR if behind a proxy
+ * @returns an the client ip address
+ */
+function get_ip_address($cfg) {
+ if (count ($cfg['proxy_ip']) == 0 ||
+ empty ($_SERVER['HTTP_X_FORWARDED_FOR']))
+ return $_SERVER['REMOTE_ADDR'];
+
+ $iplist = explode (',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+ if (count ($iplist) == 0)
+ return $_SERVER['REMOTE_ADDR'];
+
+ foreach ($cfg['proxy_ip'] as $proxy_ip)
+ {
+ if ($_SERVER['REMOTE_ADDR'] != $proxy_ip)
+ continue;
+
+ // Take the last IP (the one which has been set by our proxy).
+ $ip = end($iplist);
+ $ip = preg_replace ('/\s+/', '', $ip);
+ return $ip;
+ }
+ return $_SERVER['REMOTE_ADDR'];
+}
+
+/**
+ * Convert hexadecimal string to base64
+ */
+function hex_to_base64($hex)
+{
+ $b = '';
+ foreach (str_split ($hex, 2) as $pair)
+ $b .= chr (hexdec ($pair));
+ return base64_encode ($b);
+}