it for reading and including files later
-if (load_mask($_POST['source'], '../') === false) exit;
+if (load_mask($_POST['source']) === false) exit;
$data = array('error' => 'Unknown function');
$data = array('error' => 'Unknown function');
return str_replace('./','x',$file);
}
return str_replace('./','x',$file);
}
-function load_mask($name, $prefix = '')
+function load_mask($name)
{
global $mask;
$name = sanitise_filename($name);
{
global $mask;
$name = sanitise_filename($name);
- $file = $prefix . 'masks/' . $name . '.php';
+ $file = $_SESSION['sys']['basedir'] . 'masks/' . $name . '.php';
if (!file_exists($file))
return false;
if (!file_exists($file))
return false;
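Review bot: `$_SESSION['sys']['basedir']` on the new `$file =` line is only populated by the login path that sets `$_SESSION['sys']`, so for a request with no authenticated session (or a session created before this change) the index is undefined, PHP emits a notice, and `$file` silently degrades to the relative `masks/<name>.php` — the same path shape the old code built without the prefix. Fail closed instead: `if (!isset($_SESSION['sys']['basedir'])) return false;` before the path is built. The path is still derived from caller-supplied `$name` after `sanitise_filename`, which (per the context lines of the previous hunk) only rewrites `./`; a defender would rather validate the mask name against an allow-list pattern such as `preg_match('/^[A-Za-z0-9_-]+$/', $name)` and reject anything else, so the include target can only be a file inside the `masks/` directory. The rest of load_mask's body is outside the hunk.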
if ($sth === false) return false;
if ($sth === false) return false;
+ if (substr($_SERVER['HTTP_REFERER'],-12) != '/?login=true'
+ || substr($_SERVER['SCRIPT_FILENAME'],-10) != '/index.php') {
+ error_log('Wrong referrer or wrong request uri');
+ return false;
+ }
+
if ($row = pg_fetch_assoc($sth)) {
$_SESSION['sys'] = array('uid' => $row['id'],
'login' => $row['login'],
'name' => $row['name'],
if ($row = pg_fetch_assoc($sth)) {
$_SESSION['sys'] = array('uid' => $row['id'],
'login' => $row['login'],
'name' => $row['name'],
- 'email' => $row['email']);
+ 'email' => $row['email'],
+ 'basedir' => substr($_SERVER['SCRIPT_FILENAME'],0,-9));
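Review bot: The new referrer check treats `$_SERVER['HTTP_REFERER']` as if it proved where the request came from, but that header is supplied by the client and is routinely absent (privacy settings, cross-origin policy), so it cannot serve as an authorisation or anti-CSRF control; when it is missing the `substr()` call also raises an undefined-index notice before the check fails. If the intent is to confirm the POST came from the login form, the robust mechanism is a per-session token generated server-side with `random_bytes()`, embedded in the form and compared with `hash_equals()` on submit; the referrer comparison can stay only as defence-in-depth. At minimum make it explicit and strict: `if (!isset($_SERVER['HTTP_REFERER']) || substr($_SERVER['HTTP_REFERER'], -12) !== '/?login=true'` and `|| substr($_SERVER['SCRIPT_FILENAME'], -10) !== '/index.php') {`. The `'basedir' => substr($_SERVER['SCRIPT_FILENAME'],0,-9)` value relies on the `/index.php` suffix asserted a few lines above; a short comment such as `// strip 'index.php' (9 chars); guaranteed by the SCRIPT_FILENAME check above` would make that coupling visible. The enclosing function continues outside the hunk.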