mirrors/h5ai
1
0
Fork 0
mirror of https://github.com/lrsjng/h5ai.git synced 2025-05-28 05:54:48 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Security bug fix.

Browse source
This commit is contained in:
Lars Jung 2014-04-09 13:46:32 +02:00
parent 26b91794ce
commit e6f09d5ed0
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/_h5ai/server/php/inc/App.php
View file

@ -137,7 +137,7 @@ class App {
$abs_path = $this->get_abs_path($abs_href); $abs_path = $this->get_abs_path($abs_href);
if (!is_dir($abs_path)) { if (!is_dir($abs_path) || strpos($abs_path, '../') || strpos($abs_path, '/..') || $abs_path == '..') {
return 500; return 500;
} }
@ -170,6 +170,11 @@ class App {
public function get_items($abs_href, $what) { public function get_items($abs_href, $what) {
$code = $this->get_http_code($abs_href);
if ($code != App::$MAGIC_SEQUENCE) {
return array();
}
$cache = array(); $cache = array();
$folder = Item::get($this, $this->get_abs_path($abs_href), $cache); $folder = Item::get($this, $this->get_abs_path($abs_href), $cache);