summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/application/controllers/file.php4
-rw-r--r--system/application/views/file/client.php9
-rw-r--r--system/application/views/file/upload_form.php7
3 files changed, 15 insertions, 5 deletions
diff --git a/system/application/controllers/file.php b/system/application/controllers/file.php
index adde14927..a11255986 100644
--- a/system/application/controllers/file.php
+++ b/system/application/controllers/file.php
@@ -124,8 +124,12 @@ class File extends Controller {
// support textareas on the upload form
// XXX: This requires users of suhosin to adjust maxium post and request size
// TODO: merge with do_upload()
+ // XXX: this is too vulnerable to bots
function do_paste()
{
+ // FIXME: disable until bot problem is really fixed
+ return $this->upload_form();
+
$data = array();
$content = $this->input->post('content')."\n";
$extension = $this->input->post('extension');
diff --git a/system/application/views/file/client.php b/system/application/views/file/client.php
index d9470a216..0ebc20791 100644
--- a/system/application/views/file/client.php
+++ b/system/application/views/file/client.php
@@ -1,8 +1,11 @@
<p><b>Shell:</b></p>
<pre>
-curl -n -F "content=&lt;-" <?php echo base_url(); ?> &lt; file (not binary safe)
-cat file | curl -n -F "content=&lt;-" <?php echo base_url(); ?> (not binary safe)
-curl -n -F "file=@/home/user/foo" <?php echo base_url(); ?> (binary safe)
+<?php if(false): ?>
+>curl -n -F "content=&lt;-" <?php echo site_url(); ?> &lt; file (not binary safe)
+cat file | curl -n -F "content=&lt;-" <?php echo site_url(); ?> (not binary safe)
+<?php endif; ?>
+curl -n -F "file=@/home/user/foo" <?php echo site_url(); ?> (binary safe)
+cat file | curl -n -F "file=@-;filename=stdin" <?php echo site_url(); ?> (binary safe)
</pre>
<p><b>Client:</b><br />
<p>Development (git): <a href="http://git.server-speed.net/users/flo/fb/">http://git.server-speed.net/users/flo/fb/</a><br />
diff --git a/system/application/views/file/upload_form.php b/system/application/views/file/upload_form.php
index 0f90bab0e..4b23783dd 100644
--- a/system/application/views/file/upload_form.php
+++ b/system/application/views/file/upload_form.php
@@ -5,7 +5,9 @@
<input type="submit" value="Upload" name="process" /><br />
Optional password (for deletion): <input type="password" name="password" size="10" />
</p>
- </form>
+ </form>
+ <p>Pasting text directly has been disabled due to extensive bot problems. Please use the file upload instead.</p>
+<?php if (false): ?>
<p><b>OR</b></p>
<?php echo form_open_multipart('file/do_paste'); ?>
<p>
@@ -13,7 +15,8 @@
<div style="display: none">Email: <input type="text" name="email" size="20" /></div>
Optional password (for deletion): <input type="password" name="password" size="10" /><br />
<input type="submit" value="Paste" name="process" />
- </p>
+ </p>
+<?php endif; ?>
</form>
</div>
<br />