Security bug fix.

Lars Jung 2014-04-09 13:46:32 +02:00
parent 26b91794ce
commit e6f09d5ed0


@ -137,7 +137,7 @@ class App {
$abs_path = $this->get_abs_path($abs_href);
if (!is_dir($abs_path)) {
if (!is_dir($abs_path) || strpos($abs_path, '../') || strpos($abs_path, '/..') || $abs_path == '..') {
return 500;
}
@ -170,6 +170,11 @@ class App {
public function get_items($abs_href, $what) {
$code = $this->get_http_code($abs_href);
if ($code != App::$MAGIC_SEQUENCE) {
return array();
}
$cache = array();
$folder = Item::get($this, $this->get_abs_path($abs_href), $cache);
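Review bot: The new traversal guard on the `is_dir` line in the first hunk uses the `strpos()` results as booleans, so a match at offset 0 evaluates as false and is treated the same as no match; an `$abs_path` that is exactly `/..` or that begins with `../` is not rejected by this condition. Compare explicitly instead: `if (!is_dir($abs_path) || strpos($abs_path, '../') !== false || strpos($abs_path, '/..') !== false || $abs_path === '..') {`. The substring test also covers only forward slashes, and whether `get_abs_path()` normalises separators or always returns a rooted path is not visible here, so resolving the path with `realpath()` and checking that the result stays under the served root would be a sturdier guard than pattern matching. The enclosing function starts and ends outside the hunk, and the new early return in `get_items()` in the second hunk relies on this same check.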