../../ security check

2010-10-07 23:56:56 +02:00 · 2010-10-07 23:56:56 +02:00 · 4a35600a74
commit 4a35600a74
parent 98dfce1391
1 changed files with 2 additions and 0 deletions
--- a/index.php
+++ b/index.php
@ -66,6 +66,8 @@ if (! isset($_SERVER["PATH_INFO"])) {

 $shortPath = $_SERVER["PATH_INFO"];
 if ($shortPath == '/') $shortPath = '';
+// extra security check to avoid /photos/index/../.. like urls, maybe useless but..
+if (strpos($shortPath, '..') !== false) die(".. found in url");

 $folders = array();
 $imageFiles = array();