~quam-plures-core/quam-plures/admin_look_and_feel


Viewing changes to qp_srvc/getfile.php

  • Committer: yabs
  • Author(s): EdB
  • Date: 2010-10-20 14:54:48 UTC
  • mfrom: (7557.6.1 fix_double-dot_issue)
  • Revision ID: yabs@innervisions.org.uk-20101020145448-k2v9evu3hjui9fai
Fix .. in filenames bug

64
64
param( 'size', 'string', NULL );        // Can be used for images.
65
65
param( 'mtime', 'integer', 0 );     // used for unique URLs (that never expire).
66
66
 
67
 
if ( false !== strpos( urldecode( $path ), '..' ) )
 
67
if ( false !== strpos( urldecode( $path ), '../' ) )
68
68
{
69
69
        debug_die( 'Relative pathnames not allowed!' );
70
70
}
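
Review bot: The added test on line 67, `strpos( urldecode( $path ), '../' )`, only rejects a parent-directory reference that is followed by a forward slash, so a `$path` that ends in `..` or uses a backslash separator (`..\`) no longer reaches `debug_die()`, which the removed `'..'` test did catch. To keep filenames that merely contain two dots working without loosening the traversal check, split the decoded path on both `/` and `\` and reject it when any segment is exactly `..`. A short comment above the check explaining why the plain substring match was dropped would also help the next reader.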