author | Alexander Sulfrian <alexander@sulfrian.net> | 2010-02-19 03:21:07 +0100 |
---|---|---|
committer | Alexander Sulfrian <alexander@sulfrian.net> | 2010-02-19 03:21:07 +0100 |
commit | 501b26ef4cc1e36be6ceb994b3571eb0eff964e6 (patch) | |
tree | 116f7e592ee74034c83d4ffb202ae72ba7b8dd68 /paste/remove.php | |
parent | ff117414b781ac8bcfa512001af252ab44d61592 (diff) | |
some changes
Diffstat (limited to 'paste/remove.php')
-rw-r--r-- | paste/remove.php | 65 |
1 files changed, 23 insertions, 42 deletions
diff --git a/paste/remove.php b/paste/remove.php
index 80e8bd6..783f339 100644
--- a/paste/remove.php
+++ b/paste/remove.php
@@ -32,46 +32,27 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
- require('config.php');
-
- function removePaste($pasteID) {
- $errOld = error_reporting(0);
- $return = 1;
-
- $resultDir = $_SERVER['DOCUMENT_ROOT'] . $Config['site_path'] . $Config['results_dir'];
-
- $filenameHTML = "$resultDir/$pasteID.html";
-
- if (file_exists($filenameHTML)) {
-
- if (unlink($filenameHTML)) {
- } else {
- print "Failed to remove $filenameHTML<br/>\n";
- $return = 0;
- }
- }
- error_reporting($errOld);
- return $return;
- }
-
- print "<title>Admin - Remove a paste</title>\n";
-
- $ipAddr = $_SERVER["REMOTE_ADDR"];
- if (isset($_REQUEST["p"]) && isset($_REQUEST["t"])) {
- $pasteID = $_REQUEST["p"];
- $token = $_REQUEST["t"];
- $tokenMatch = sha1($pasteID . $ipAddr . $Config['token_salt']);
- if ($token == $tokenMatch) {
- $result = removePaste($pasteID);
- if ($result) {
- print "Your paste has been removed.";
- } else {
- print "Sorry, we encountered a problem trying to remove this paste.";
- }
- } else {
- print "Sorry, you are not authorized to remove this paste.";
- }
- }
-
-
+require('config.php');
+
+// check config
+if (!is_subclass_of($config['storage'], 'StorageEngine'))
+{
+ header('HTTP/1.0 503 Service Unavailable');
+ die('Invalid config');
+}
+
+if (isset($_REQUEST["p"]) && isset($_REQUEST["t"])) {
+ $pid = $_REQUEST["p"];
+ $token = $_REQUEST["t"];
+ $tokenMatch = $config['storage']->generateToken($pid);
+
+ if ($token == $tokenMatch) {
+ $config['storage']->delContent($pid);
+ echo '<html><head><title>Admin - Remove a paste</title></head><body>Your paste has been removed.</body></html>';
+ exit;
+ }
+}
+
+echo '<html><head><title>Admin - Remove a paste</title></head><body>Sorry, you are not authorized to remove this paste.</body></html>';
+
 ?> |
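Review bot: The authorization check `if ($token == $tokenMatch)` uses PHP's loose comparison, which is neither type-safe nor constant-time: when both operands are numeric-looking strings they are compared as numbers, so a value other than the real token can be accepted, depending on what `generateToken()` returns (its body is not visible here). Compare strictly and in constant time instead, `if (is_string($token) && hash_equals((string) $tokenMatch, $token)) {`, or at minimum use `===` on PHP versions that lack `hash_equals()`. Separately, the result of `$config['storage']->delContent($pid)` is ignored, so the page prints "Your paste has been removed." even if the deletion fails; the removed code checked the result before reporting success, and the new code should do the same if `delContent()` signals failure.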