OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	11/07/2024 07:55:42 AM	rwxr-xr-x
📄 b.get.section.curated.php	17.96 KB	08/16/2024 05:40:32 AM	rw-r--r--
📄 b.get.section.newsletter.php	18.39 KB	07/09/2024 11:59:36 AM	rw-r--r--
📄 bchk.login.php	1.84 KB	08/01/2024 11:55:32 AM	rw-r--r--
📄 chk.logged.in.php	1.16 KB	01/10/2021 12:30:27 PM	rw-r--r--
📄 chk.login.php	1.84 KB	08/07/2024 10:43:41 AM	rw-r--r--
📁 eyecandy	-	08/15/2024 04:29:45 AM	rwxr-xr-x
📄 get.section.account.php	8.47 KB	02/10/2022 03:15:36 PM	rw-r--r--
📄 get.section.admin.php	16.74 KB	08/02/2024 11:49:35 AM	rw-r--r--
📄 get.section.analytics.php	11.45 KB	07/09/2024 05:04:07 AM	rw-r--r--
📄 get.section.collection.php	58.52 KB	05/23/2024 04:31:24 AM	rw-r--r--
📄 get.section.community.php	7.71 KB	09/09/2024 09:46:43 AM	rw-r--r--
📄 get.section.create.php	22.41 KB	05/22/2024 11:08:28 AM	rw-r--r--
📄 get.section.curated - Copy.php	37.34 KB	09/12/2024 12:29:57 PM	rw-r--r--
📄 get.section.curated.php	40.16 KB	09/13/2024 05:15:16 AM	rw-r--r--
📄 get.section.dashboard.php	3.31 KB	02/10/2022 02:58:26 PM	rw-r--r--
📄 get.section.feed.php	7.42 KB	07/28/2024 01:53:28 PM	rw-r--r--
📄 get.section.genai.php	12.72 KB	07/15/2024 07:24:13 AM	rw-r--r--
📄 get.section.genaicreative.php	12.74 KB	07/15/2024 07:24:13 AM	rw-r--r--
📄 get.section.general.php	9.31 KB	08/22/2023 09:34:25 AM	rw-r--r--
📄 get.section.newsletter.php	18.42 KB	07/22/2024 12:12:42 PM	rw-r--r--
📄 get.section.request.article.php	5.82 KB	02/27/2021 02:27:58 PM	rw-r--r--
📄 get.section.settings.php	21.15 KB	12/28/2021 01:58:50 PM	rw-r--r--
📄 get.section.team.php	6.73 KB	05/23/2024 04:45:44 AM	rw-r--r--
📄 get.section.utils.php	4.1 KB	06/26/2021 06:06:51 AM	rw-r--r--
📄 logout.php	428 bytes	08/16/2020 11:22:29 AM	rw-r--r--
📄 sendgrid.php	3.62 KB	03/09/2021 04:01:36 AM	rw-r--r--
📄 upload.php	2.4 KB	08/22/2020 01:33:43 PM	rw-r--r--
📄 zget.section.curated.php	21.2 KB	08/27/2024 12:24:10 PM	rw-r--r--
📄 zzget.section.curated.php	23.64 KB	08/29/2024 08:24:32 AM	rw-r--r--

Name

Size

Modified

Perms

📁 ..

11/07/2024 07:55:42 AM

rwxr-xr-x

📄 b.get.section.curated.php

17.96 KB

08/16/2024 05:40:32 AM

rw-r--r--

📄 b.get.section.newsletter.php

18.39 KB

07/09/2024 11:59:36 AM

rw-r--r--

📄 bchk.login.php

1.84 KB

08/01/2024 11:55:32 AM

rw-r--r--

📄 chk.logged.in.php

1.16 KB

01/10/2021 12:30:27 PM

rw-r--r--

📄 chk.login.php

1.84 KB

08/07/2024 10:43:41 AM

rw-r--r--

📁 eyecandy

08/15/2024 04:29:45 AM

rwxr-xr-x

📄 get.section.account.php

8.47 KB

02/10/2022 03:15:36 PM

rw-r--r--

📄 get.section.admin.php

16.74 KB

08/02/2024 11:49:35 AM

rw-r--r--

📄 get.section.analytics.php

11.45 KB

07/09/2024 05:04:07 AM

rw-r--r--

📄 get.section.collection.php

58.52 KB

05/23/2024 04:31:24 AM

rw-r--r--

📄 get.section.community.php

7.71 KB

09/09/2024 09:46:43 AM

rw-r--r--

📄 get.section.create.php

22.41 KB

05/22/2024 11:08:28 AM

rw-r--r--

📄 get.section.curated - Copy.php

37.34 KB

09/12/2024 12:29:57 PM

rw-r--r--

📄 get.section.curated.php

40.16 KB

09/13/2024 05:15:16 AM

rw-r--r--

📄 get.section.dashboard.php

3.31 KB

02/10/2022 02:58:26 PM

rw-r--r--

📄 get.section.feed.php

7.42 KB

07/28/2024 01:53:28 PM

rw-r--r--

📄 get.section.genai.php

12.72 KB

07/15/2024 07:24:13 AM

rw-r--r--

📄 get.section.genaicreative.php

12.74 KB

07/15/2024 07:24:13 AM

rw-r--r--

📄 get.section.general.php

9.31 KB

08/22/2023 09:34:25 AM

rw-r--r--

📄 get.section.newsletter.php

18.42 KB

07/22/2024 12:12:42 PM

rw-r--r--

📄 get.section.request.article.php

5.82 KB

02/27/2021 02:27:58 PM

rw-r--r--

📄 get.section.settings.php

21.15 KB

12/28/2021 01:58:50 PM

rw-r--r--

📄 get.section.team.php

6.73 KB

05/23/2024 04:45:44 AM

rw-r--r--

📄 get.section.utils.php

4.1 KB

06/26/2021 06:06:51 AM

rw-r--r--

📄 logout.php

428 bytes

08/16/2020 11:22:29 AM

rw-r--r--

📄 sendgrid.php

3.62 KB

03/09/2021 04:01:36 AM

rw-r--r--

📄 upload.php

2.4 KB

08/22/2020 01:33:43 PM

rw-r--r--

📄 zget.section.curated.php

21.2 KB

08/27/2024 12:24:10 PM

rw-r--r--

📄 zzget.section.curated.php

23.64 KB

08/29/2024 08:24:32 AM

rw-r--r--

Editing: upload.php

session_start();

if (isset($_SESSION['userId'])) {
   $gUserId = $_SESSION['userId'];
  } else {
   die();
  }

/*******************************************************
   * Only these origins will be allowed to upload images *
   ******************************************************/
  $accepted_origins = array("http://localhost", "https://staging.knoblycream.com", "http://staging.knoblycream.com", "https://www.knoblycream.com", "http://www.knoblycream.com", "https://knoblycream.com", "http://knoblycream.com");

/*********************************************
   * Change this line to set the upload folder *
   *********************************************/
  $imageFolder = "data/posts/$gUserId/";

$chkFolder = "../data/posts/$gUserId";
  if (!file_exists($chkFolder)) {
   mkdir($chkFolder, 0777, true);
  }
  
  reset ($_FILES);
  $temp = current($_FILES);
  if (is_uploaded_file($temp['tmp_name'])){
    if (isset($_SERVER['HTTP_ORIGIN'])) {
      // same-origin requests won't set an origin. If the origin is set, it must be valid.
      if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)) {
        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
      } else {
        header("HTTP/1.1 403 Origin Denied");
        return;
      }
    }

// Sanitize input
    if (preg_match("/([^\w\s\d\-_~,;:\[\].])|([\.]{2,})/", $temp['name'])) {
        header("HTTP/1.1 400 Invalid file name.");
        return;
    }

// Verify extension
    if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), array("gif", "jpg", "png"))) {
        header("HTTP/1.1 400 Invalid extension.");
        return;
    }

// Accept upload if there was no origin, or if it is an accepted origin
    // $filetowrite = $imageFolder . $temp['name'];

$fileRaw = hash('ripemd160', time().mt_rand(10,1000)) . '.' . pathinfo($temp['name'], PATHINFO_EXTENSION);
    $fileWrite = '../' . $imageFolder . $fileRaw;
    $fileShow = $imageFolder . $fileRaw;

move_uploaded_file($temp['tmp_name'], $fileWrite);

// Respond to the successful upload with JSON.
    // Use a location key to specify the path to the saved image resource.
    // { location : '/your/uploaded/image/file'}
    echo json_encode(array('location' => $fileShow));
  } else {
    // Notify editor that the upload failed
    header("HTTP/1.1 500 Server Error");
  }
?>