../../ security check

Marc MAURICE 2010-10-07 23:56:56 +02:00
parent 98dfce1391
commit 4a35600a74


@ -66,6 +66,8 @@ if (! isset($_SERVER["PATH_INFO"])) {
$shortPath = $_SERVER["PATH_INFO"]; $shortPath = $_SERVER["PATH_INFO"];
if ($shortPath == '/') $shortPath = ''; if ($shortPath == '/') $shortPath = '';
// extra security check to avoid /photos/index/../.. like urls, maybe useless but..
if (strpos($shortPath, '..') !== false) die(".. found in url");
$folders = array(); $folders = array();
$imageFiles = array(); $imageFiles = array();
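Review bot: The rejection in the added `if (strpos($shortPath, '..') !== false) die(".. found in url");` line goes out with the default 200 status, so a blocked traversal attempt looks like a normal hit in access logs and monitoring. Sending an error status first makes these requests visible: `if (strpos($shortPath, '..') !== false) { header('HTTP/1.1 400 Bad Request'); die(".. found in url"); }`. The substring test is also a deny-list on the raw string, and it will refuse legitimate names that merely contain two dots. The stronger control is to canonicalise the final filesystem path with `realpath()` at the point where `$shortPath` is joined to the photo directory, and to confirm the result still lies under that directory. That join is outside this hunk, so whether such a containment check already exists cannot be told from here.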