Mirrors/ICEcoder
2
0
Fork 0
mirror of https://github.com/icecoder/ICEcoder.git synced 2026-03-11 11:06:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

realpath $fileName, die if !exist or !$docRoot

Browse Source
This commit is contained in:
Matt Pass
2014-09-17 12:46:33 +01:00
parent fbfd58b788
commit a807e598fe
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/properties.php
View File

@@ -2,6 +2,13 @@
include("headers.php");
include("settings.php");
$t = $text['properties'];
// Establish the real absolute path to the file/folder
$fileName=realpath($docRoot.$iceRoot.str_replace("|","/",strClean($_GET['fileName'])));
// If it doesn't exist, or doesn't start with the $docRoot, stop here
if (!file_exists($fileName) || strpos($fileName,$docRoot) !== 0) {
die("<script>alert('Sorry, that file/folder doesn\'t appear to exist');</script>");
}
?>
<!DOCTYPE html>
@@ -17,9 +24,6 @@ $t = $text['properties'];
<h1 id="title"><?php echo $t['properties'];?></h1>
<?php
$fileName=$docRoot.$iceRoot.str_replace("|","/",strClean($_GET['fileName']));
?>
<h2><?php echo basename($fileName); ?></h2><br>
<span class="column" style="width: 180px"><?php echo $t['Size'];?>: <?php
$bytes = filesize($fileName);