From 4a35600a748ef0f13786a8e83c100c15a7b68566 Mon Sep 17 00:00:00 2001
From: Marc MAURICE
Date: Thu, 7 Oct 2010 23:56:56 +0200
Subject: [PATCH] ../../ security check

---
 index.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/index.php b/index.php
index 1d72e79..a26ba60 100644
--- a/index.php
+++ b/index.php
@@ -66,6 +66,8 @@ if (! isset($_SERVER["PATH_INFO"])) {
 $shortPath = $_SERVER["PATH_INFO"];
 if ($shortPath == '/') $shortPath = '';
+// extra security check to avoid /photos/index/../.. like urls, maybe useless but..
+if (strpos($shortPath, '..') !== false) die(".. found in url");
 $folders = array();
 $imageFiles = array();
-- 
1.7.10.4
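Review bot: The substring test on the added line `if (strpos($shortPath, '..') !== false) die(".. found in url");` is a denylist rather than a containment check: it rejects legitimate names that merely contain two consecutive dots (a folder called `2010..2011`), and it says nothing about where the request path actually resolves on disk, so a symlink inside the gallery directory pointing elsewhere is not covered. The robust control is to canonicalise the full filesystem path with `realpath()` and require the result to lie under the photo root; that makes the `..` test redundant and lets the hedging comment `maybe useless but..` go. `die(".. found in url")` also answers with HTTP 200, so a rejected path should send a 4xx status before exiting. The `if (! isset($_SERVER["PATH_INFO"]))` block named in the hunk header starts outside the hunk, so I cannot tell whether `$shortPath` receives any earlier validation there.
```php
// … unchanged: $shortPath taken from PATH_INFO, '/' normalised to '' …
// Only serve paths that still lie inside the photo root once symlinks and '..' are resolved.
$photoRoot = realpath('<PHOTO_ROOT_DIR>'); // placeholder: the directory index.php serves images from
$resolved  = realpath($photoRoot . $shortPath);
if ($resolved === false
    || ($resolved !== $photoRoot && strpos($resolved, $photoRoot . DIRECTORY_SEPARATOR) !== 0)) {
    header('HTTP/1.0 404 Not Found');
    die('Not found');
}
// … unchanged: $folders / $imageFiles initialisation …
```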