summaryrefslogtreecommitdiffstats
path: root/system/application/views
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xssn.at>2011-01-18 19:12:36 +0100
committerFlorian Pritz <bluewind@xssn.at>2011-01-18 19:12:36 +0100
commitb6b8a6587c399bfd89e13e92ce04ee8486688e6e (patch)
tree6479b1bfff401c6f143b2c7e1ba8554adbb233b0 /system/application/views
parent40b842682fbb4e27031ffdb26709d20f4f9b38e9 (diff)
disable do_paste due to bot problems
There are still bots which are able to trick the hidden email field and they upload phishing pages which let to paste.xinu.at being listed. Signed-off-by: Florian Pritz <bluewind@xssn.at>
Diffstat (limited to 'system/application/views')
-rw-r--r--system/application/views/file/client.php9
-rw-r--r--system/application/views/file/upload_form.php7
2 files changed, 11 insertions, 5 deletions
diff --git a/system/application/views/file/client.php b/system/application/views/file/client.php
index d9470a216..0ebc20791 100644
--- a/system/application/views/file/client.php
+++ b/system/application/views/file/client.php
@@ -1,8 +1,11 @@
<p><b>Shell:</b></p>
<pre>
-curl -n -F "content=&lt;-" <?php echo base_url(); ?> &lt; file (not binary safe)
-cat file | curl -n -F "content=&lt;-" <?php echo base_url(); ?> (not binary safe)
-curl -n -F "file=@/home/user/foo" <?php echo base_url(); ?> (binary safe)
+<?php if(false): ?>
+>curl -n -F "content=&lt;-" <?php echo site_url(); ?> &lt; file (not binary safe)
+cat file | curl -n -F "content=&lt;-" <?php echo site_url(); ?> (not binary safe)
+<?php endif; ?>
+curl -n -F "file=@/home/user/foo" <?php echo site_url(); ?> (binary safe)
+cat file | curl -n -F "file=@-;filename=stdin" <?php echo site_url(); ?> (binary safe)
</pre>
<p><b>Client:</b><br />
<p>Development (git): <a href="http://git.server-speed.net/users/flo/fb/">http://git.server-speed.net/users/flo/fb/</a><br />
diff --git a/system/application/views/file/upload_form.php b/system/application/views/file/upload_form.php
index 0f90bab0e..4b23783dd 100644
--- a/system/application/views/file/upload_form.php
+++ b/system/application/views/file/upload_form.php
@@ -5,7 +5,9 @@
<input type="submit" value="Upload" name="process" /><br />
Optional password (for deletion): <input type="password" name="password" size="10" />
</p>
- </form>
+ </form>
+ <p>Pasting text directly has been disabled due to extensive bot problems. Please use the file upload instead.</p>
+<?php if (false): ?>
<p><b>OR</b></p>
<?php echo form_open_multipart('file/do_paste'); ?>
<p>
@@ -13,7 +15,8 @@
<div style="display: none">Email: <input type="text" name="email" size="20" /></div>
Optional password (for deletion): <input type="password" name="password" size="10" /><br />
<input type="submit" value="Paste" name="process" />
- </p>
+ </p>
+<?php endif; ?>
</form>
</div>
<br />