summaryrefslogtreecommitdiffstats
path: root/system/application/controllers
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xssn.at>2011-01-18 19:12:36 +0100
committerFlorian Pritz <bluewind@xssn.at>2011-01-18 19:12:36 +0100
commitb6b8a6587c399bfd89e13e92ce04ee8486688e6e (patch)
tree6479b1bfff401c6f143b2c7e1ba8554adbb233b0 /system/application/controllers
parent40b842682fbb4e27031ffdb26709d20f4f9b38e9 (diff)
disable do_paste due to bot problems
There are still bots which are able to trick the hidden email field and they upload phishing pages which let to paste.xinu.at being listed. Signed-off-by: Florian Pritz <bluewind@xssn.at>
Diffstat (limited to 'system/application/controllers')
-rw-r--r--system/application/controllers/file.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/system/application/controllers/file.php b/system/application/controllers/file.php
index adde14927..a11255986 100644
--- a/system/application/controllers/file.php
+++ b/system/application/controllers/file.php
@@ -124,8 +124,12 @@ class File extends Controller {
// support textareas on the upload form
// XXX: This requires users of suhosin to adjust maxium post and request size
// TODO: merge with do_upload()
+ // XXX: this is too vulnerable to bots
function do_paste()
{
+ // FIXME: disable until bot problem is really fixed
+ return $this->upload_form();
+
$data = array();
$content = $this->input->post('content')."\n";
$extension = $this->input->post('extension');