Mirrors/ICEcoder
2
0
Fork 0
mirror of https://github.com/icecoder/ICEcoder.git synced 2026-03-07 00:56:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't allow directory traversal

Browse Source
This commit is contained in:
Matt Pass
2014-04-23 07:12:13 +01:00
parent 69d8ddce77
commit 078068e252
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/download.php
View File

@@ -2,7 +2,7 @@
include("headers.php");
include("settings.php");
$file = $docRoot.$iceRoot.str_replace("|","/",$_GET['file']);
$file = $docRoot.$iceRoot.str_replace("../","",str_replace("|","/",$_GET['file']));
if (file_exists($file)) {
header('Content-Description: File Transfer');