Mirrors/ICEcoder
2
0
Fork 0
mirror of https://github.com/icecoder/ICEcoder.git synced 2026-03-08 01:26:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Disallow traversing to parent dir

Browse Source
This commit is contained in:
Matt Pass
2013-01-15 11:54:12 +00:00
parent 4da7024f91
commit 0c4741c793
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/file-control.php
View File

@@ -98,7 +98,7 @@ if ($_GET['action']=="upload") {
class fileUploader {
public function __construct($uploads) {
global $docRoot;
$uploadDir=$docRoot.$iceRoot.str_replace("|","/",strClean($_POST['folder'])."/");
$uploadDir=$docRoot.$iceRoot.str_replace("..","",str_replace("|","/",strClean($_POST['folder'])."/"));
foreach($uploads as $current) {
$this->uploadFile=$uploadDir.$current->name;
$fileName = $current->name;