(parent:
98dfce1
)
../../ security check
author
Marc MAURICE
<dooblempub@positon.org>
Thu, 7 Oct 2010 21:56:56 +0000
(23:56 +0200)
committer
Marc MAURICE
<dooblempub@positon.org>
Thu, 7 Oct 2010 21:56:56 +0000
(23:56 +0200)
index.php
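--- a/index.php
+++ b/index.php
@@ -66,6 +66,8 @@ if (! isset($_SERVER["PATH_INFO"])) {
 $shortPath = $_SERVER["PATH_INFO"];
 if ($shortPath == '/') $shortPath = '';
+// extra security check to avoid /photos/index/../.. like urls, maybe useless but..
+if (strpos($shortPath, '..') !== false) die(".. found in url");
 $folders = array();
 $imageFiles = array();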
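Review bot: The added `strpos($shortPath, '..')` test is a substring denylist rather than a containment check, so it refuses legitimate names that merely contain two dots (an album named `a..b`) while doing nothing about a path that leaves the photo directory some other way, such as through a symlink. Matching whole segments is more precise, e.g. `if (preg_match('#(^|/)\.\.(/|$)#', $shortPath)) { header('HTTP/1.1 400 Bad Request'); die(".. found in url"); }`, which also stops the rejection from being served with a 200 status, as the bare `die()` does now. The stronger guard is to run `realpath()` on the directory built from `$shortPath` and refuse the request unless the result still begins with the resolved images root. That path construction is outside this hunk, so where the check belongs cannot be told from here. The comment's "maybe useless but.." is better replaced by a statement of what the check guarantees, for example `// reject any ".." path segment so PATH_INFO cannot address a directory above the images root`.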