From: Marc MAURICE Date: Thu, 7 Oct 2010 21:56:56 +0000 (+0200) Subject: ../../ security check X-Git-Tag: v1.0~11 X-Git-Url: http://positon.org/gitweb/?p=bizou.git;a=commitdiff_plain;h=4a35600a748ef0f13786a8e83c100c15a7b68566 ../../ security check
---
diff --git a/index.php b/index.php
index 1d72e79..a26ba60 100644
--- a/index.php
+++ b/index.php
@@ -66,6 +66,8 @@ if (! isset($_SERVER["PATH_INFO"])) {
 $shortPath = $_SERVER["PATH_INFO"];
 if ($shortPath == '/') $shortPath = '';
+// extra security check to avoid /photos/index/../.. like urls, maybe useless but..
+if (strpos($shortPath, '..') !== false) die(".. found in url");
 $folders = array();
 $imageFiles = array();
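Review bot: The added `strpos($shortPath, '..')` check is a substring blocklist: it rejects legitimate names that merely contain `..` (e.g. `photo..jpg`) and still relies on every later file access being rooted correctly, whereas the robust check is to `realpath()` the requested path and verify that it lies under the gallery root. `die()` also answers with HTTP 200 and a plain-text body, so a rejected request should first send an error status, e.g. `header('HTTP/1.1 403 Forbidden');` before the `die`. The root directory variable is not visible in this hunk, so `PHOTO_ROOT` below is a placeholder for it; note that `realpath()` returns `false` for a path that does not exist, so a missing folder would now be refused here rather than wherever the script handles it later. The prefix comparison uses `strpos(...) !== 0` rather than `str_starts_with()` because the file's `array()` syntax suggests a pre-8.0 PHP target.
```php
// … unchanged: $shortPath derived from PATH_INFO …
// PHOTO_ROOT is a placeholder for the script's gallery base directory.
$base = realpath(PHOTO_ROOT);
$target = realpath(PHOTO_ROOT . $shortPath);
if ($base === false || $target === false
    || ($target !== $base && strpos($target, $base . DIRECTORY_SEPARATOR) !== 0)) {
    header('HTTP/1.1 403 Forbidden');
    die("invalid path");
}
// … unchanged: $folders / $imageFiles initialisation …
```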