Mirrors/ICEcoder
2
0
Fork 0
mirror of https://github.com/icecoder/ICEcoder.git synced 2026-03-03 07:13:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't check paths if we're uploading

Browse Source
This commit is contained in:
Matt Pass
2014-09-18 16:07:39 +01:00
parent 7adefd1ff0
commit e47b21ce80
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/file-control.php
View File

@@ -36,7 +36,7 @@ $allFiles = explode(";",$file);
for ($i=0; $i<count($allFiles); $i++) {
// Die if the file requested isn't something we expect
if(
($_GET['action']!="getRemoteFile" && strpos(realpath($allFiles[$i]),realpath($docRoot)) !== 0) ||
($_GET['action']!="getRemoteFile" && $_GET['action']!="upload" && strpos(realpath($allFiles[$i]),realpath($docRoot)) !== 0) ||
($_GET['action']=="getRemoteFile" && strpos($allFiles[$i],"http") !== 0)
) {
die("alert('Sorry - problem with file/folder requested');window.history.back();</script>");