Slight improvements to file security (scan for more bad characters)

moodler 2002-11-21 02:51:50 +00:00
parent 6e07f68039
commit 780db23080
2 changed files with 17 additions and 9 deletions


@ -358,7 +358,13 @@ function get_slash_arguments($i=0) {
return false;
}
if (strpos($PATH_INFO, "..")) { // check for funny business
if (strpos($PATH_INFO, "..")) { // check for parent URLs
return false;
}
if (strpos($PATH_INFO, "|")) { // check for pipes
return false;
}
if (strpos($PATH_INFO, "`")) { // check for backquotes
return false;
}


@ -30,6 +30,7 @@
$lastmodified = filemtime($pathname);
if (file_exists($pathname)) {
header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
header("Cache-control: max_age = $lifetime"); // a day
@ -38,6 +39,7 @@
header("Content-length: ".filesize($pathname));
header("Content-type: image/jpeg");
readfile("$pathname");
}
exit;
?>
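Review bot: `$lastmodified = filemtime($pathname);` runs before the `file_exists($pathname)` guard, so a request for a missing file raises a warning from filemtime() (and, if errors are displayed, may print the server path) before the script exits; move the call inside the `if` block. The cache header in the first hunk is not a recognised directive as written: `header("Cache-control: max_age = $lifetime");` should be `header("Cache-Control: max-age=$lifetime");`. The rendered page does not show which lines of the two hunks were added, so either point may predate this commit. Where `$pathname` comes from is outside the visible lines.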