OXIESEC PANEL
- Current Dir:
/
/
var
/
www
/
cream
/
process
Server IP: 139.59.38.164
Name
Size
Modified
Perms
📁
..
-
06/17/2025 10:17:24 AM
rwxrwxr-x
📄
_get.section.collection.php
58.55 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
_get.section.create.php
21.82 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
_get.section.general.php
8.06 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
b.get.section.newsletter.php
18.39 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
bbget.section.curated.php
33.74 KB
05/19/2025 10:07:13 AM
rw-r--r--
📄
bget.section.newsletter.php
18.42 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
bget.section.request.article.php
6.04 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
chk.logged.in.php
1.16 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
chk.login.php
1.31 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
d_get.section.collection.php
57.93 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
d_get.section.create.php
21.87 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
fget.section.curated.php
17.04 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
fget.section.settings.php
33.55 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.account.php
18.88 KB
06/17/2025 08:40:01 AM
rw-rw-r--
📄
get.section.analytics.php
11.45 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.collection copy.php
67.57 KB
05/19/2025 10:07:13 AM
rw-r--r--
📄
get.section.collection.php
69.19 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.community.php
7.71 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.create.php
22.41 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.curated.php
33.74 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.dashboard.php
3.31 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.feed.php
6.87 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.genai.php
9.87 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.genaicreative.php
10.55 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.general.php
2.28 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.newsletter.php
18.97 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.request.article - Copy.php
5.82 KB
05/19/2025 10:07:13 AM
rw-r--r--
📄
get.section.request.article.php
16.94 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.settings.php
41.71 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.team.php
6.73 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
get.section.test.php
529 bytes
05/19/2025 10:07:13 AM
rw-r--r--
📄
get.section.utils.php
4.75 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
logout.php
428 bytes
05/19/2025 10:07:13 AM
rw-rw-r--
📄
my-get.section.curated.php
18.57 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
old.get.section.genai.php
10.25 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
old1get.section.create.php
30.29 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
sendgrid.php
3.62 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
upload.php
2.4 KB
05/19/2025 10:07:13 AM
rwxrwxrwx
📄
z.get.section.feed.php
6.88 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
zget.section.newsletter.php
18 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
zget.section.settings.php
34.6 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
zzget.section.curated.php
13.95 KB
05/19/2025 10:07:13 AM
rw-rw-r--
📄
zzget.section.genai.php
12.73 KB
05/19/2025 10:07:13 AM
rw-rw-r--
Editing: upload.php
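<?php
/**
 * Image upload endpoint for the rich-text editor.
 *
 * Accepts one uploaded file from a logged-in session, checks the request
 * origin, the client-supplied file name, the extension and the actual image
 * content, then stores the file under data/posts/<userId>/ with a random name.
 *
 * Responses:
 *   200 + JSON {"location": "data/posts/<userId>/<random>.<ext>"} on success
 *   400 when the file name, extension or content is rejected
 *   403 when there is no usable session or the Origin header is not allowed
 *   500 when no valid upload was received or the file could not be stored
 */
session_start();

// Only a logged-in session may upload; answer with an explicit status
// instead of an empty 200 so the failure is visible in access logs.
if (!isset($_SESSION['userId']) || !is_scalar($_SESSION['userId'])) {
    header("HTTP/1.1 403 Forbidden");
    die();
}
$gUserId = (string) $_SESSION['userId'];

// The id becomes a directory name below, so refuse anything that could
// step outside data/posts/ even though it comes from the session.
if (
    $gUserId === ''
    || $gUserId === '.'
    || strpbrk($gUserId, "/\\\0") !== false
    || strpos($gUserId, '..') !== false
) {
    header("HTTP/1.1 403 Forbidden");
    die();
}

/*******************************************************
 * Only these origins will be allowed to upload images *
 ******************************************************/
// NOTE(review): plain-http and localhost origins are accepted here; confirm
// they are still needed in production, since they weaken the origin check.
$accepted_origins = array(
    "http://localhost",
    "https://staging.knoblycream.com",
    "http://staging.knoblycream.com",
    "https://www.knoblycream.com",
    "http://www.knoblycream.com",
    "https://knoblycream.com",
    "http://knoblycream.com",
);

/*********************************************
 * Change this line to set the upload folder *
 *********************************************/
$imageFolder = "data/posts/$gUserId/";
$chkFolder = "../data/posts/$gUserId";

reset($_FILES);
$temp = current($_FILES);

// current() yields false when no file field was posted, and tmp_name/name are
// arrays for "field[]" uploads; neither shape may reach is_uploaded_file().
if (
    !is_array($temp)
    || !isset($temp['tmp_name'], $temp['name'])
    || !is_string($temp['tmp_name'])
    || !is_string($temp['name'])
    || !is_uploaded_file($temp['tmp_name'])
) {
    // Notify editor that the upload failed
    header("HTTP/1.1 500 Server Error");
    return;
}

if (isset($_SERVER['HTTP_ORIGIN'])) {
    // Same-origin requests won't set an origin. If the origin is set, it must
    // be valid; strict comparison avoids loose type juggling in the match.
    if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins, true)) {
        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
    } else {
        header("HTTP/1.1 403 Origin Denied");
        return;
    }
}

// Sanitize input
if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
    header("HTTP/1.1 400 Invalid file name.");
    return;
}

// Verify extension. The lower-cased value is reused for the stored name so
// only the allow-listed spellings ever reach the disk.
$extension = strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION));
if (!in_array($extension, array("gif", "jpg", "png"), true)) {
    header("HTTP/1.1 400 Invalid extension.");
    return;
}

// Verify content: the extension is client-controlled, so also require that
// the bytes parse as one of the accepted image formats.
// NOTE(review): a valid image can still carry embedded script text; confirm
// the web server does not execute scripts from the data/posts/ tree.
$imageInfo = getimagesize($temp['tmp_name']);
if (
    $imageInfo === false
    || !in_array($imageInfo[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)
) {
    header("HTTP/1.1 400 Invalid extension.");
    return;
}

// Create the per-user folder only once the upload has passed validation.
// 0775 instead of 0777: no write access for unrelated local accounts.
if (!is_dir($chkFolder) && !mkdir($chkFolder, 0775, true) && !is_dir($chkFolder)) {
    header("HTTP/1.1 500 Server Error");
    return;
}

// Store under a random name rather than the client-supplied one.
// time() . mt_rand(10, 1000) gave at most 991 names per second, so two
// uploads in the same second could overwrite each other.
$randomName = function_exists('random_bytes')
    ? bin2hex(random_bytes(20))
    : hash('ripemd160', uniqid('', true) . mt_rand());

$fileRaw = $randomName . '.' . $extension;
$fileWrite = '../' . $imageFolder . $fileRaw;
$fileShow = $imageFolder . $fileRaw;

// Report success only when the file was really stored.
if (!move_uploaded_file($temp['tmp_name'], $fileWrite)) {
    header("HTTP/1.1 500 Server Error");
    return;
}

// Respond to the successful upload with JSON.
// Use a location key to specify the path to the saved image resource.
// { location : '/your/uploaded/image/file'}
header('Content-Type: application/json');
echo json_encode(array('location' => $fileShow));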