OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	03/31/2025 06:36:42 AM	rwxr-xr-x
📄 _get.section.collection.php	58.55 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 _get.section.create.php	21.82 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 _get.section.general.php	8.06 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 b.get.section.newsletter.php	18.36 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 bbget.section.curated.php	33.74 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 bget.section.newsletter.php	18.39 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 bget.section.request.article.php	6.04 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 chk.logged.in.php	1.16 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 chk.login.php	1.31 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 d_get.section.collection.php	57.93 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 d_get.section.create.php	21.87 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 fget.section.curated.php	17.04 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 fget.section.settings.php	33.55 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.account.php	8.55 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.analytics.php	11.45 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.collection copy.php	67.57 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.collection.php	69.19 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.community.php	7.7 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.create.php	22.41 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.curated.php	33.74 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.dashboard.php	3.31 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.feed.php	6.87 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.genai.php	9.84 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.genaicreative.php	10.52 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.general.php	2.28 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.newsletter.php	18.94 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.request.article - Copy.php	5.82 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.request.article.php	16.31 KB	03/26/2025 03:48:10 AM	rw-r--r--
📄 get.section.settings.php	41.71 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 get.section.team.php	6.72 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 get.section.test.php	529 bytes	03/26/2025 03:48:11 AM	rw-r--r--
📄 get.section.utils.php	4.77 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 logout.php	428 bytes	03/26/2025 03:48:11 AM	rw-r--r--
📄 my-get.section.curated.php	18.56 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 old.get.section.genai.php	10.22 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 old1get.section.create.php	30.29 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 sendgrid.php	3.62 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 upload.php	2.4 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 z.get.section.feed.php	6.88 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 zget.section.newsletter.php	17.97 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 zget.section.settings.php	34.6 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 zzget.section.curated.php	13.95 KB	03/26/2025 03:48:11 AM	rw-r--r--
📄 zzget.section.genai.php	12.7 KB	03/26/2025 03:48:11 AM	rw-r--r--

Name

Size

Modified

Perms

📁 ..

03/31/2025 06:36:42 AM

rwxr-xr-x

📄 _get.section.collection.php

58.55 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 _get.section.create.php

21.82 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 _get.section.general.php

8.06 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 b.get.section.newsletter.php

18.36 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 bbget.section.curated.php

33.74 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 bget.section.newsletter.php

18.39 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 bget.section.request.article.php

6.04 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 chk.logged.in.php

1.16 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 chk.login.php

1.31 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 d_get.section.collection.php

57.93 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 d_get.section.create.php

21.87 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 fget.section.curated.php

17.04 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 fget.section.settings.php

33.55 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.account.php

8.55 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.analytics.php

11.45 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.collection copy.php

67.57 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.collection.php

69.19 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.community.php

7.7 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.create.php

22.41 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.curated.php

33.74 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.dashboard.php

3.31 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.feed.php

6.87 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.genai.php

9.84 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.genaicreative.php

10.52 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.general.php

2.28 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.newsletter.php

18.94 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.request.article - Copy.php

5.82 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.request.article.php

16.31 KB

03/26/2025 03:48:10 AM

rw-r--r--

📄 get.section.settings.php

41.71 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 get.section.team.php

6.72 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 get.section.test.php

529 bytes

03/26/2025 03:48:11 AM

rw-r--r--

📄 get.section.utils.php

4.77 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 logout.php

428 bytes

03/26/2025 03:48:11 AM

rw-r--r--

📄 my-get.section.curated.php

18.56 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 old.get.section.genai.php

10.22 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 old1get.section.create.php

30.29 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 sendgrid.php

3.62 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 upload.php

2.4 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 z.get.section.feed.php

6.88 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 zget.section.newsletter.php

17.97 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 zget.section.settings.php

34.6 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 zzget.section.curated.php

13.95 KB

03/26/2025 03:48:11 AM

rw-r--r--

📄 zzget.section.genai.php

12.7 KB

03/26/2025 03:48:11 AM

rw-r--r--

Editing: upload.php

session_start();

if (isset($_SESSION['userId'])) {
   $gUserId = $_SESSION['userId'];
  } else {
   die();
  }

/*******************************************************
   * Only these origins will be allowed to upload images *
   ******************************************************/
  $accepted_origins = array("http://localhost", "https://staging.knoblycream.com", "http://staging.knoblycream.com", "https://www.knoblycream.com", "http://www.knoblycream.com", "https://knoblycream.com", "http://knoblycream.com");

/*********************************************
   * Change this line to set the upload folder *
   *********************************************/
  $imageFolder = "data/posts/$gUserId/";

$chkFolder = "../data/posts/$gUserId";
  if (!file_exists($chkFolder)) {
   mkdir($chkFolder, 0777, true);
  }
  
  reset ($_FILES);
  $temp = current($_FILES);
  if (is_uploaded_file($temp['tmp_name'])){
    if (isset($_SERVER['HTTP_ORIGIN'])) {
      // same-origin requests won't set an origin. If the origin is set, it must be valid.
      if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)) {
        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
      } else {
        header("HTTP/1.1 403 Origin Denied");
        return;
      }
    }

// Sanitize input
    if (preg_match("/([^\w\s\d\-_~,;:\[\].])|([\.]{2,})/", $temp['name'])) {
        header("HTTP/1.1 400 Invalid file name.");
        return;
    }

// Verify extension
    if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), array("gif", "jpg", "png"))) {
        header("HTTP/1.1 400 Invalid extension.");
        return;
    }

// Accept upload if there was no origin, or if it is an accepted origin
    // $filetowrite = $imageFolder . $temp['name'];

$fileRaw = hash('ripemd160', time().mt_rand(10,1000)) . '.' . pathinfo($temp['name'], PATHINFO_EXTENSION);
    $fileWrite = '../' . $imageFolder . $fileRaw;
    $fileShow = $imageFolder . $fileRaw;

move_uploaded_file($temp['tmp_name'], $fileWrite);

// Respond to the successful upload with JSON.
    // Use a location key to specify the path to the saved image resource.
    // { location : '/your/uploaded/image/file'}
    echo json_encode(array('location' => $fileShow));
  } else {
    // Notify editor that the upload failed
    header("HTTP/1.1 500 Server Error");
  }
?>