nemunaire/paste-manager
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix security issue: check password before generate a LaTeX document

Browse Source
This commit is contained in:
Némunaire 2012-02-07 10:39:27 +01:00
parent 92e135f5d6
commit 47372cf211
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
htdocs/gen.php
View File

@ -57,7 +57,7 @@ foreach ($_GET as $k => $t)
<meta charset="UTF-8"> <meta charset="UTF-8">
<title>.: Pommultimédia - Paste :.</title> <title>.: Pommultimédia - Paste :.</title>
<link href="style.css" rel="stylesheet" type="text/css"> <link href="style.css" rel="stylesheet" type="text/css">
<link href="favicon.ico" type="image/x-icon" rel="shortcut icon"/> <link href="favicon.ico" type="image/x-icon" rel="shortcut icon">
</head> </head>
<body> <body>
<div id="corps" style="text-align: center;"> <div id="corps" style="text-align: center;">
@ -84,9 +84,12 @@ foreach ($_GET as $k => $t)
if (!empty($paste->crypt)) if (!empty($paste->crypt))
{ {
if (!empty($_POST["passwd"])) if (!empty($_POST["passwd"]))
$paste->crypt($_POST["passwd"]); $t = $_POST["passwd"];
else
$paste->crypt($t); $paste->crypt($t);
if ($paste->crypt != sha1($t))
die ("Bad password");
} }
$filename = "../gen/".$paste->fileref; $filename = "../gen/".$paste->fileref;