X-Git-Url: http://positon.org/gitweb/?p=bizou.git;a=blobdiff_plain;f=index.php;h=a26ba60c4639997d3a0f025312fd2cf52e03d251;hp=1d72e79e6dce132670d2b1b573cccfddbe3dcd75;hb=4a35600a748ef0f13786a8e83c100c15a7b68566;hpb=98dfce139150092549dc000bb555c52984328006
diff --git a/index.php b/index.php
index 1d72e79..a26ba60 100644
--- a/index.php
+++ b/index.php
@@ -66,6 +66,8 @@ if (! isset($_SERVER["PATH_INFO"])) {
 $shortPath = $_SERVER["PATH_INFO"];
 if ($shortPath == '/') $shortPath = '';
+// extra security check to avoid /photos/index/../.. like urls, maybe useless but..
+if (strpos($shortPath, '..') !== false) die(".. found in url");
 $folders = array();
 $imageFiles = array();
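Review bot: The added guard on the `+if (strpos($shortPath, '..') ...` line rejects the request with `die()`, which emits the message under the default 200 status, so a blocked traversal attempt looks like a successful page to clients, caches and log analysis; send an error status instead, e.g. `if (strpos($shortPath, '..') !== false) { header('HTTP/1.1 400 Bad Request'); exit('.. found in url'); }`. As the new comment itself hedges ("maybe useless"), a substring denylist is best treated as defense in depth: the authoritative check is to resolve the requested directory with `realpath()` and verify the result still lies under the photos root before any filesystem access, and whether the script already does that is outside this hunk. The substring test also rejects any legitimate directory whose name merely contains `..` (for example `2010..2011`); if that matters, testing whole path segments, `in_array('..', explode('/', $shortPath), true)`, is more precise while still catching `/../`. The enclosing script continues past the hunk.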