../../ security check

author Marc MAURICE <dooblempub@positon.org>

Thu, 7 Oct 2010 21:56:56 +0000 (23:56 +0200)

committer Marc MAURICE <dooblempub@positon.org>

Thu, 7 Oct 2010 21:56:56 +0000 (23:56 +0200)
author Marc MAURICE <dooblempub@positon.org>
Thu, 7 Oct 2010 21:56:56 +0000 (23:56 +0200)
committer Marc MAURICE <dooblempub@positon.org>
Thu, 7 Oct 2010 21:56:56 +0000 (23:56 +0200)
diff --git a/index.php b/index.php

index 1d72e79..a26ba60 100644 (file)
--- a/index.php
+++ b/index.php
@@ -66,6 +66,8 @@ if (! isset($_SERVER["PATH_INFO"])) {
  
  $shortPath = $_SERVER["PATH_INFO"];
  if ($shortPath == '/') $shortPath = '';
+// extra security check to avoid /photos/index/../.. like urls, maybe useless but..
+if (strpos($shortPath, '..') !== false) die(".. found in url");
  
  $folders = array();
  $imageFiles = array();
author	Marc MAURICE <dooblempub@positon.org>
	Thu, 7 Oct 2010 21:56:56 +0000 (23:56 +0200)
committer	Marc MAURICE <dooblempub@positon.org>
	Thu, 7 Oct 2010 21:56:56 +0000 (23:56 +0200)