Commit 345cfaf2 authored by Claudemir Todo Bom's avatar Claudemir Todo Bom

* generic function to expand and verify the checksum of path

parent 01cd24aa
Pipeline #169 passed with stage
in 1 minute and 29 seconds
......@@ -2,14 +2,10 @@
require_once "wwmail.inc.php";
$config = parse_ini_string(file_read_without_comments("/etc/default/wwmail"));
var_dump($config);
$pathinfo = array_filter(explode('/',trim($_SERVER["PATH_INFO"]," \t\n\r\0\x0B/")));
$pathinfo = get_pathinfo();
var_dump($pathinfo);
$sum = base64url_encode(md5($pathinfo[0].$pathinfo[1].$config["WW_ISP_PASS"],TRUE));
var_dump($sum);
phpinfo();
......@@ -19,3 +19,27 @@ function file_read_without_comments($filepath) {
fclose($file);
return $string;
}
/**
* Obtain exploded Pathinfo, each path element on an array item
* and checks the checksum on the last item (not returned)
*
* @return Array with PATH_INFO elements without the checksum or
* FALSE if checksum verification fails
*/
function get_pathinfo() {
$pathinfo = array_filter(explode('/',trim($_SERVER["PATH_INFO"]," \t\n\r\0\x0B/")));
$origsum = array_pop($pathinfo);
$config = parse_ini_string(file_read_without_comments("/etc/default/wwmail"));
$pathtext = "";
for ($i=0 ; $i<count($pathinfo) ; $i++) {
$pathtext .= $pathinfo[$i];
}
$sum = base64url_encode(md5($pathtext.$config["WW_ISP_PASS"],TRUE));
if ($origsum === $sum) {
return $pathinfo;
}
return FALSE;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment