Slight improvements to file security (scan for more bad characters)
parent
6e07f68039
commit
780db23080
@ -358,7 +358,13 @@ function get_slash_arguments($i=0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (strpos($PATH_INFO, "..")) { // check for funny business
|
||||
if (strpos($PATH_INFO, "..")) { // check for parent URLs
|
||||
return false;
|
||||
}
|
||||
if (strpos($PATH_INFO, "|")) { // check for pipes
|
||||
return false;
|
||||
}
|
||||
if (strpos($PATH_INFO, "`")) { // check for backquotes
|
||||
return false;
|
||||
}
|
||||
|
||||
|
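Review bot: All three checks in get_slash_arguments() use `if (strpos($PATH_INFO, ...))`, which cannot tell a match at offset 0 from no match, because strpos() returns 0 in the first case and false in the second. The checks therefore only work as long as $PATH_INFO always begins with some other character (presumably "/", but how it is populated is outside this hunk); comparing explicitly removes that dependency, e.g. `if (strpos($PATH_INFO, "..") !== false) {` and the same for the pipe and backquote tests. The list is also a deny-list, so characters it does not name (for example a null byte or a backslash) still pass; validating each path component against the set of characters the file area actually allows would be sturdier than adding further cases. The function starts and ends outside the hunk, so the final use of the returned arguments cannot be checked from here.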
@ -30,6 +30,7 @@
|
||||
|
||||
$lastmodified = filemtime($pathname);
|
||||
|
||||
if (file_exists($pathname)) {
|
||||
header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
|
||||
header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
|
||||
header("Cache-control: max_age = $lifetime"); // a day
|
||||
@ -38,6 +39,7 @@
|
||||
header("Content-length: ".filesize($pathname));
|
||||
header("Content-type: image/jpeg");
|
||||
readfile("$pathname");
|
||||
}
|
||||
|
||||
exit;
|
||||
?>
|
||||
|
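Review bot: `$lastmodified = filemtime($pathname);` still runs before the `file_exists($pathname)` guard (the guard appears to be what this commit adds; the +/- markers are lost on this page), so a missing file raises a warning from filemtime() before the check is reached. Moving that call inside the `if` block fixes this. When the file does not exist, the script falls through to `exit;` with an empty 200 response; sending `header("HTTP/1.0 404 Not Found");` in an else branch would let clients and logs distinguish a bad request from an empty image. The context line `header("Cache-control: max_age = $lifetime");` is not a valid directive and should read `header("Cache-Control: max-age=$lifetime");`. How $pathname is built is outside the visible hunks, so whether it is confined to the intended directory before readfile() is not verifiable from here.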