Tom Canac 2014-06-22 22:13:12 +02:00
parent 6f6b9e1ca0
commit 071c9dddd2


@ -152,7 +152,12 @@ $requestedDir = '';
if (!empty($_GET['dir'])) $requestedDir = $_GET['dir'];
$thumbdir = rtrim('photos/'.$requestedDir,'/');
$thumbdir = str_replace('/..', '', $thumbdir); // Prevent directory traversal attacks.
//$thumbdir = str_replace('/..', '', $thumbdir); // Prevent directory traversal attacks.
if(strstr($thumbdir, '..') !== FALSE) {
$requestedDir = '';
$thumbdir = rtrim('photos/','/');
}
$currentdir = GALLERY_ROOT . $thumbdir;
//-----------------------
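Review bot: The new guard `if(strstr($thumbdir, '..') !== FALSE)` is a substring test on the raw request string, not a check that the resolved directory stays under `photos/`. It stops `..` segments, but it also refuses legitimate folder names that contain two dots, it does not cover a symlink under `photos/` that points elsewhere (whether such links can exist is not visible here), and a non-string `dir[]=` value still reaches the concatenation on the line above it. I would resolve the path with `realpath()` and compare it with the resolved photos root as sketched below, add `is_string($_GET['dir'])` to the `!empty` test, and delete the commented-out `str_replace` line rather than keep it. The surrounding code starts and ends outside the hunk, so how `$requestedDir` is used afterwards is not covered by this note.

```php
// … unchanged: $requestedDir / $thumbdir built from $_GET['dir'] …
$photosRoot = realpath(GALLERY_ROOT . 'photos');
$resolved = realpath(GALLERY_ROOT . $thumbdir);
// Fall back to the gallery root unless the resolved path is photos/ itself or lies beneath it.
if ($photosRoot === false || $resolved === false
    || ($resolved !== $photosRoot
        && strpos($resolved, $photosRoot . DIRECTORY_SEPARATOR) !== 0)) {
    $requestedDir = '';
    $thumbdir = 'photos';
}
$currentdir = GALLERY_ROOT . $thumbdir;
```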