- Timestamp: Apr 16, 2006, 12:58:00 PM (18 years ago)
- File: 1 edited
branches/branch-1_6/action.php
r986 r1190 66 66 if ( isset( $_GET['dwn'] ) ) 67 67 { 68 //TODO : verify the path begins with './gallerie' and doesn't contains any '..' 69 // in order to avoid hacking atempts 68 //TODO : verify the path begins with something in galleries_url and that user has access rights to the picture 69 // in order to avoid hacking atempts by forged url 70 if (preg_match('/\.\./',$_GET['dwn'])) { 71 die('Hacking attempt!'); 72 } 70 73 force_download($_GET['dwn']); 71 74 }
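Review bot: The new check at lines 70-72 only rejects values containing `..`, so the two conditions the updated TODO names (the path begins with something in galleries_url, and the user has access rights to the picture) are still not enforced before `force_download($_GET['dwn'])` runs. A value with no `..` that points outside the galleries directories still passes. Suggest canonicalising the requested path (for example with `realpath()`), comparing the result against the configured gallery roots, and checking the user's permission on the picture before calling `force_download`, then removing the TODO. Minor: `preg_match('/\.\./', ...)` is a literal substring test, so `strpos()` would be clearer, and "atempts" in the comment should read "attempts".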