function hnngSanitizeArray($url) { if (is_array($url)) { foreach ($url as $key => $value) { $url[$key] = hnngSanitizeArray($value); } return $url; } else { // remove everything except for a-ZA-Z0-9_.-&= $url = preg_replace('/[^a-zA-Z0-9_\\.\\-&=@\\s]/', '', $url); return $url; } }
the Free Software Foundation, either version 3 of the License, or (at your option) any later version. hnng.moe is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with hnng.moe. If not, see <http://www.gnu.org/licenses/>. */ define('hnngAllowInclude', true); define('hnngRoot', realpath(dirname(__FILE__)) . '/'); require_once hnngRoot . 'debug.php'; require_once hnngRoot . 'dbmanager.php'; require_once hnngRoot . 'conf.php'; require_once hnngRoot . 'utils.php'; $_GET = hnngSanitizeArray($_GET); if (empty($_GET['devkey']) || $_GET['devkey'] != $hnngConf['devkey']) { die("Sorry only developers can use this!"); } if (!isset($_GET['time'])) { echo json_encode(array()); exit; } $time = $_GET['time']; $lastid = ""; if (isset($_GET['lastid'])) { $lastid = $_GET['lastid']; } $time = date("Y-m-d\\TH:i:s\\Z", $time); $st = $db->prepare("SELECT id, url, time, deletekey " . "FROM hnng_urls WHERE time >= :time AND id != :lastid " . "ORDER BY time ASC LIMIT 0 , 4"); $st->bindValue(':time', $time, PDO::PARAM_STR);
(at your option) any later version. hnng.moe is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with hnng.moe. If not, see <http://www.gnu.org/licenses/>. */ define('hnngAllowInclude', true); define('hnngRoot', realpath(dirname(__FILE__)) . '/'); require_once hnngRoot . 'debug.php'; require_once hnngRoot . 'dbmanager.php'; require_once hnngRoot . 'conf.php'; require_once hnngRoot . 'utils.php'; if ($hnngConf['manteinance'] && (empty($_GET['devkey']) || $_GET['devkey'] != $hnngConf['devkey'])) { die("The site is currently undergoing manteinance."); } if ($hnngConf['private_upload']) { $_POST = hnngSanitizeArray($_POST); if ($_POST['key'] != $hnngConf['private_upload_key']) { die("Sorry, the uploader is private at the moment!"); } } if (empty($_FILES['file'])) { die("You didn't provide any file!"); } $result = hnngUploadFile($_FILES['file']); if ($result['status'] != 'OK') { die($result['status']); } echo $result['url'];