From 792b369efc1fd193d9abf3d642745ff0e468e971 Mon Sep 17 00:00:00 2001
From: paulr
Date: Thu, 1 Dec 2011 14:04:01 +1100
Subject: [PATCH] its all about you, its all about me, its what they said we could be

---
 show.php | 18 +++++++++++++++++-
 1 files changed, 17 insertions(+), 1 deletions(-)

diff --git a/show.php b/show.php
index 2489d45..5d70a62 100644
--- a/show.php
+++ b/show.php
@@ -31,6 +31,21 @@ if(isset($_REQUEST["showpic"])) {
 } else {
 header("Status: 404 Not Found");
 }
+} else if(isset($_REQUEST["fullpic"])) {
+ $file = $_REQUEST["fullpic"];
+ if(preg_match("/.*\/+.*/", $_REQUEST["fullpic"])) {
+ error_log("throwing 403");
+ header("Status: 403 i dont think so");
+ return;
+ }
+ $afile = "$show_dir/".$_REQUEST["fullpic"];
+ if(file_exists($afile)) {
+ echo "

Fullsize picture $file

";
+ } else {
+ header("Status: 403 i dont think so");
+ return;
+ }
+ return;
 } else if(isset($_REQUEST["medpic"])) {
 $file = $_REQUEST["medpic"];
 if(preg_match("/.*\/+.*/", $_REQUEST["medpic"])) {
@@ -40,11 +55,12 @@ if(isset($_REQUEST["showpic"])) {
 }
 $afile = "$show_dir/".$_REQUEST["medpic"];
 if(file_exists($afile)) {
- echo "
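Review bot: `$file` comes straight from `$_REQUEST["fullpic"]` and is interpolated into the echoed page (`Fullsize picture $file`) with no output encoding, so a stored file name containing markup characters would be rendered as HTML. Encode it before the echo, e.g. `$file = htmlspecialchars($_REQUEST["fullpic"], ENT_QUOTES, "UTF-8");`, and use `rawurlencode()` wherever the name goes into a URL; the tags inside the string are not visible in this rendering, so that part is inferred. The name check only rejects `/`, and `file_exists()` is also true for directories, so a value such as `..` reaches the echo; testing `is_file($afile)` instead of `file_exists($afile)` closes that. The `medpic` branch in the next hunk has the same two problems.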

Picture $file

";
+ echo "

Picture $file

";
 } else {
 header("Status: 403 i dont think so");
 return;
 }
+ return;
 } else if(isset($_REQUEST["showmedpic"])) {
 if(preg_match("/.*\/+.*/", $_REQUEST["showmedpic"])) {
 error_log("throwing 403");
--
1.7.0.4
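Review bot: The reject paths around the added `return;` send the error as `header("Status: 403 i dont think so")`, which to my knowledge only becomes the response status under CGI/FastCGI; under other SAPIs the client and the access log would still see 200, which hides rejected requests from monitoring. Sending the status line explicitly, `header($_SERVER["SERVER_PROTOCOL"] . " 403 Forbidden");`, behaves the same everywhere, and the new `fullpic` branch in the previous hunk copies the same calls. With `fullpic`, `medpic` and `showmedpic` now repeating the same check-and-reject sequence, a shared helper for the name check would keep the three branches from drifting apart. The enclosing if/else chain starts and ends outside the hunk.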