aboutsummaryrefslogtreecommitdiffstats
path: root/scripts/multipart/multipart.cgi.in
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--scripts/multipart/multipart.cgi.in14
1 files changed, 13 insertions, 1 deletions
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in
index 1c92d70..d51a521 100644
--- a/scripts/multipart/multipart.cgi.in
+++ b/scripts/multipart/multipart.cgi.in
@@ -28,11 +28,21 @@ if (defined($query)) {
}
$file = &form_decode($v{'file'});
$boundary = &form_decode($v{'boundary'});
+ $cookie = &form_decode($v{'cookie'});
+ if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
+ print <<EOF;
+Content-Type: text/plain
+
+Local cookie doesn't match: It may be an illegal execution
+EOF
+ exit(1);
+ }
} else {
$file = $ARGV[0];
if (@ARGV >= 2) {
$boundary = $ARGV[1];
}
+ $cookie = $ENV{'LOCAL_COOKIE'};
}
open(F, "< $file");
@@ -121,6 +131,7 @@ if (defined($v{'count'})) {
$qcgi = &html_quote($CGI);
$qfile = &html_quote($file);
$qboundary = &html_quote($boundary);
+$qcookie = &html_quote($cookie);
if ($mbody =~ /\S/) {
$_ = $mbody;
@@ -195,9 +206,10 @@ while(! $end) {
print "<form method=POST action=\"$qcgi?$count\">\n";
print "<input type=hidden name=file value=\"$qfile\">\n";
print "<input type=hidden name=boundary value=\"$qboundary\">\n";
+ print "<input type=hidden name=cookie value=\"$qcookie\">\n";
print "<input type=hidden name=count value=\"$count\">\n";
if ($image) {
- print "<input type=image name=submit src=\"$CGI?file=$qfile&amp;boundary=$qboundary&amp;count=$count\" alt=\"",
+ print "<input type=image name=submit src=\"$CGI?file=$qfile&amp;boundary=$qboundary&amp;cookie=$qcookie&amp;count=$count\" alt=\"",
&html_quote($name), "\">\n";
} else {
print "<input type=submit name=submit value=\"",