Knah-Tsaeb/Minigalnano
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

fix #35

Browse source
This commit is contained in:
Tom Canac 2014-06-22 22:13:12 +02:00
parent 6f6b9e1ca0
commit 071c9dddd2
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
index.php
View file

@ -152,7 +152,12 @@ $requestedDir = '';
if (!empty($_GET['dir'])) $requestedDir = $_GET['dir']; if (!empty($_GET['dir'])) $requestedDir = $_GET['dir'];
$thumbdir = rtrim('photos/'.$requestedDir,'/'); $thumbdir = rtrim('photos/'.$requestedDir,'/');
$thumbdir = str_replace('/..', '', $thumbdir); // Prevent directory traversal attacks. //$thumbdir = str_replace('/..', '', $thumbdir); // Prevent directory traversal attacks.
if(strstr($thumbdir, '..') !== FALSE) {
$requestedDir = '';
$thumbdir = rtrim('photos/','/');
}
$currentdir = GALLERY_ROOT . $thumbdir; $currentdir = GALLERY_ROOT . $thumbdir;
//----------------------- //-----------------------