From fa48d0d2f059fb8921e895b9e20e79de3c726154 Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Sat, 26 Apr 2014 12:24:01 +0100
Subject: [PATCH] Strip ../ so we don't have dir traversal vuln

---
 lib/file-control.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/file-control.php b/lib/file-control.php
index ba5538f..7340f3b 100644
--- a/lib/file-control.php
+++ b/lib/file-control.php
@@ -14,8 +14,8 @@ $file = str_replace("|","/",strClean( : $_GET['file'] ));
 
-// Trim any +'s or spaces from the end of file
-$file = rtrim(rtrim($file,'+'),' ');
+// Trim any +'s or spaces from the end of file and clear any ../'s
+$file = str_replace("../","",rtrim(rtrim($file,'+'),' '));
 
 // Make $file a full path and establish the $fileLoc and $fileName
 if (strpos($file,$docRoot)===false && $_GET['action']!="getRemoteFile") {$file=str_replace("|","/",$docRoot.$iceRoot.$file);};
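Review bot: The added `str_replace("../","",...)` is a single, non-repeated pass that deletes only the literal three-character sequence, so it does not establish that the resulting path stays inside the intended root — a string built so that a `../` survives one pass still reaches the `$docRoot.$iceRoot.$file` concatenation on the context line below, and absolute paths, `..\` on Windows hosts and URL-encoded forms are untouched by it. The sanitising should be replaced with a containment check on the resolved path, e.g. `$full = realpath($docRoot.$iceRoot.$file);` followed by `if ($full === false || strpos($full, realpath($docRoot.$iceRoot)) !== 0) { die('Invalid file path'); }`, keeping `str_replace` at most as a cosmetic step; note that `realpath()` returns false for a file that does not exist yet, so a create-file action would need to resolve `dirname()` instead. The existing `strpos($file,$docRoot)===false` test on the following context line only asks whether `$docRoot` occurs anywhere in the string, not that the path begins with it, and the `getRemoteFile` branch skips the prefixing entirely — worth covering with the same containment check. The enclosing script continues before and after this hunk, and the ternary on the `@@` line appears truncated in this rendering.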