From a56fe5d619db5565db03a8d0b6e6695232656935 Mon Sep 17 00:00:00 2001
From: Fascinated <admin@fascinated.cc>
Date: Wed, 5 Jul 2023 00:41:33 +0100
Subject: [PATCH] add a check to disallow uploading files using the default
 secret key

---
 upload.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/upload.php b/upload.php
index ab2cb8b..a4617ba 100644
--- a/upload.php
+++ b/upload.php
@@ -70,6 +70,16 @@ try {
     die();
   }
 
+  // Check if the secret is the default one, and if so, tell the user to change it
+  if ($secret == "set me") {
+    returnJson(array(
+      'status' => 'ERROR',
+      'url' => 'You need to set your upload secret in the configuration section of the upload.php file',
+      'timeTaken' => getTimeTaken()
+    ));
+    die();
+  }
+
   // Check if the file was uploaded
   if (!isset($file)) {
     returnJson(array(