OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	05/19/2025 10:07:15 AM	rwxr-xr-x
📄 _get.section.collection.php	58.55 KB	05/19/2025 10:07:14 AM	rw-r--r--
📄 _get.section.create.php	21.82 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 _get.section.general.php	8.06 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 autoload.php	771 bytes	05/19/2025 10:07:14 AM	rw-r--r--
📁 aws	-	03/03/2025 08:31:01 AM	rwxr-xr-x
📁 bin	-	05/19/2025 10:07:13 AM	rwxr-xr-x
📄 bounceViewList.php	5.86 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 chk.logged.in.php	1.16 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 chk.login.php	1.31 KB	05/19/2025 10:07:13 AM	rw-r--r--
📁 composer	-	05/19/2025 10:07:14 AM	rwxr-xr-x
📄 d_get.section.collection.php	57.93 KB	05/19/2025 10:07:14 AM	rw-r--r--
📄 d_get.section.create.php	21.87 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 get.section.account.php	8.47 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 get.section.analytics.php	11.46 KB	05/19/2025 10:07:15 AM	rw-r--r--
📄 get.section.collection.php	58.52 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 get.section.community.php	5.89 KB	05/19/2025 10:07:14 AM	rw-r--r--
📄 get.section.create.php	22.41 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 get.section.curated.php	5.07 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 get.section.dashboard.php	3.31 KB	05/19/2025 10:07:14 AM	rw-r--r--
📄 get.section.feed.php	6.87 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 get.section.general.php	9.31 KB	05/19/2025 10:07:14 AM	rw-r--r--
📄 get.section.newsletter.php	9.25 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 get.section.request.article.php	5.82 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 get.section.settings.php	21.15 KB	05/19/2025 10:07:14 AM	rw-r--r--
📄 get.section.team.php	6.73 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 get.section.utils.php	4.1 KB	05/19/2025 10:07:14 AM	rw-r--r--
📁 guzzlehttp	-	03/03/2025 08:31:03 AM	rwxr-xr-x
📄 logout.php	428 bytes	05/19/2025 10:07:13 AM	rw-r--r--
📁 mtdowling	-	03/03/2025 08:31:03 AM	rwxr-xr-x
📁 phpmailer	-	03/03/2025 08:31:03 AM	rwxr-xr-x
📁 psr	-	03/03/2025 08:31:04 AM	rwxr-xr-x
📁 ralouphie	-	03/03/2025 08:31:04 AM	rwxr-xr-x
📄 sendgrid.php	3.62 KB	05/19/2025 10:07:13 AM	rw-r--r--
📁 symfony	-	03/03/2025 08:31:04 AM	rwxr-xr-x
📄 upload.php	2.4 KB	05/19/2025 10:07:14 AM	rw-r--r--
📄 verify.php	3.12 KB	05/19/2025 10:07:13 AM	rw-r--r--
📄 verify_email.php	7.13 KB	05/19/2025 10:07:15 AM	rw-r--r--
📁 wildbit	-	03/03/2025 08:31:05 AM	rwxr-xr-x
📄 z.get.section.feed.php	6.88 KB	05/19/2025 10:07:15 AM	rw-r--r--

Name

Size

Modified

Perms

📁 ..

05/19/2025 10:07:15 AM

rwxr-xr-x

📄 _get.section.collection.php

58.55 KB

05/19/2025 10:07:14 AM

rw-r--r--

📄 _get.section.create.php

21.82 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 _get.section.general.php

8.06 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 autoload.php

771 bytes

05/19/2025 10:07:14 AM

rw-r--r--

📁 aws

03/03/2025 08:31:01 AM

rwxr-xr-x

📁 bin

05/19/2025 10:07:13 AM

rwxr-xr-x

📄 bounceViewList.php

5.86 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 chk.logged.in.php

1.16 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 chk.login.php

1.31 KB

05/19/2025 10:07:13 AM

rw-r--r--

📁 composer

05/19/2025 10:07:14 AM

rwxr-xr-x

📄 d_get.section.collection.php

57.93 KB

05/19/2025 10:07:14 AM

rw-r--r--

📄 d_get.section.create.php

21.87 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 get.section.account.php

8.47 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 get.section.analytics.php

11.46 KB

05/19/2025 10:07:15 AM

rw-r--r--

📄 get.section.collection.php

58.52 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 get.section.community.php

5.89 KB

05/19/2025 10:07:14 AM

rw-r--r--

📄 get.section.create.php

22.41 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 get.section.curated.php

5.07 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 get.section.dashboard.php

3.31 KB

05/19/2025 10:07:14 AM

rw-r--r--

📄 get.section.feed.php

6.87 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 get.section.general.php

9.31 KB

05/19/2025 10:07:14 AM

rw-r--r--

📄 get.section.newsletter.php

9.25 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 get.section.request.article.php

5.82 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 get.section.settings.php

21.15 KB

05/19/2025 10:07:14 AM

rw-r--r--

📄 get.section.team.php

6.73 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 get.section.utils.php

4.1 KB

05/19/2025 10:07:14 AM

rw-r--r--

📁 guzzlehttp

03/03/2025 08:31:03 AM

rwxr-xr-x

📄 logout.php

428 bytes

05/19/2025 10:07:13 AM

rw-r--r--

📁 mtdowling

03/03/2025 08:31:03 AM

rwxr-xr-x

📁 phpmailer

03/03/2025 08:31:03 AM

rwxr-xr-x

📁 psr

03/03/2025 08:31:04 AM

rwxr-xr-x

📁 ralouphie

03/03/2025 08:31:04 AM

rwxr-xr-x

📄 sendgrid.php

3.62 KB

05/19/2025 10:07:13 AM

rw-r--r--

📁 symfony

03/03/2025 08:31:04 AM

rwxr-xr-x

📄 upload.php

2.4 KB

05/19/2025 10:07:14 AM

rw-r--r--

📄 verify.php

3.12 KB

05/19/2025 10:07:13 AM

rw-r--r--

📄 verify_email.php

7.13 KB

05/19/2025 10:07:15 AM

rw-r--r--

📁 wildbit

03/03/2025 08:31:05 AM

rwxr-xr-x

📄 z.get.section.feed.php

6.88 KB

05/19/2025 10:07:15 AM

rw-r--r--

Editing: upload.php

session_start();

if (isset($_SESSION['userId'])) {
   $gUserId = $_SESSION['userId'];
  } else {
   die();
  }

/*******************************************************
   * Only these origins will be allowed to upload images *
   ******************************************************/
  $accepted_origins = array("http://localhost", "https://staging.knoblycream.com", "http://staging.knoblycream.com", "https://www.knoblycream.com", "http://www.knoblycream.com", "https://knoblycream.com", "http://knoblycream.com");

/*********************************************
   * Change this line to set the upload folder *
   *********************************************/
  $imageFolder = "data/posts/$gUserId/";

$chkFolder = "../data/posts/$gUserId";
  if (!file_exists($chkFolder)) {
   mkdir($chkFolder, 0777, true);
  }
  
  reset ($_FILES);
  $temp = current($_FILES);
  if (is_uploaded_file($temp['tmp_name'])){
    if (isset($_SERVER['HTTP_ORIGIN'])) {
      // same-origin requests won't set an origin. If the origin is set, it must be valid.
      if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)) {
        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
      } else {
        header("HTTP/1.1 403 Origin Denied");
        return;
      }
    }

// Sanitize input
    if (preg_match("/([^\w\s\d\-_~,;:\[\].])|([\.]{2,})/", $temp['name'])) {
        header("HTTP/1.1 400 Invalid file name.");
        return;
    }

// Verify extension
    if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), array("gif", "jpg", "png"))) {
        header("HTTP/1.1 400 Invalid extension.");
        return;
    }

// Accept upload if there was no origin, or if it is an accepted origin
    // $filetowrite = $imageFolder . $temp['name'];

$fileRaw = hash('ripemd160', time().mt_rand(10,1000)) . '.' . pathinfo($temp['name'], PATHINFO_EXTENSION);
    $fileWrite = '../' . $imageFolder . $fileRaw;
    $fileShow = $imageFolder . $fileRaw;

move_uploaded_file($temp['tmp_name'], $fileWrite);

// Respond to the successful upload with JSON.
    // Use a location key to specify the path to the saved image resource.
    // { location : '/your/uploaded/image/file'}
    echo json_encode(array('location' => $fileShow));
  } else {
    // Notify editor that the upload failed
    header("HTTP/1.1 500 Server Error");
  }
?>