diff options
Diffstat (limited to 'scripts/multipart/multipart.cgi.in')
-rw-r--r-- | scripts/multipart/multipart.cgi.in | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in index 1c92d70..d51a521 100644 --- a/scripts/multipart/multipart.cgi.in +++ b/scripts/multipart/multipart.cgi.in @@ -28,11 +28,21 @@ if (defined($query)) { } $file = &form_decode($v{'file'}); $boundary = &form_decode($v{'boundary'}); + $cookie = &form_decode($v{'cookie'}); + if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { + print <<EOF; +Content-Type: text/plain + +Local cookie doesn't match: It may be an illegal execution +EOF + exit(1); + } } else { $file = $ARGV[0]; if (@ARGV >= 2) { $boundary = $ARGV[1]; } + $cookie = $ENV{'LOCAL_COOKIE'}; } open(F, "< $file"); @@ -121,6 +131,7 @@ if (defined($v{'count'})) { $qcgi = &html_quote($CGI); $qfile = &html_quote($file); $qboundary = &html_quote($boundary); +$qcookie = &html_quote($cookie); if ($mbody =~ /\S/) { $_ = $mbody; @@ -195,9 +206,10 @@ while(! $end) { print "<form method=POST action=\"$qcgi?$count\">\n"; print "<input type=hidden name=file value=\"$qfile\">\n"; print "<input type=hidden name=boundary value=\"$qboundary\">\n"; + print "<input type=hidden name=cookie value=\"$qcookie\">\n"; print "<input type=hidden name=count value=\"$count\">\n"; if ($image) { - print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&count=$count\" alt=\"", + print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&cookie=$qcookie&count=$count\" alt=\"", &html_quote($name), "\">\n"; } else { print "<input type=submit name=submit value=\"", |