authorchrisaga <chrisaga@piwigo.org>2006-04-16 10:58:00 +0000
committerchrisaga <chrisaga@piwigo.org>2006-04-16 10:58:00 +0000
commitc4f5086a071b568f8c75a00dff71ee3266da7680 (patch)
tree7450fa301a03677bc50750ce348332cd4ce8ac57
parente923145cecbe98a74af133ddc5f47e50fec13693 (diff)
- merge trunk r1186:1187 into branch 1.6 (security in action.php)
git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1190 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--action.php7
1 files changed, 5 insertions, 2 deletions
diff --git a/action.php b/action.php
index ef635a4d1..c20b07d3a 100644
--- a/action.php
+++ b/action.php
@@ -65,8 +65,11 @@ function force_download ($filename)
//--------------------------------------------------------- download big picture
if ( isset( $_GET['dwn'] ) )
{
-//TODO : verify the path begins with './gallerie' and doesn't contains any '..'
-// in order to avoid hacking atempts
+//TODO : verify the path begins with something in galleries_url and that user has access rights to the picture
+// in order to avoid hacking atempts by forged url
+ if (preg_match('/\.\./',$_GET['dwn'])) {
+ die('Hacking attempt!');
+ }
force_download($_GET['dwn']);
}
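Review bot: The `preg_match('/\.\./',$_GET['dwn'])` guard added in this hunk only rejects a literal `..` sequence, so a request value that is an absolute path, or any other path that simply lies outside the gallery tree, still reaches `force_download($_GET['dwn'])` unchanged; the rewritten TODO on the line above it acknowledges that both the root-prefix check and the per-user access-rights check remain open. A denylist on one pattern is fragile; the defensive shape is to canonicalise the requested path with realpath(), require the result to sit under the resolved gallery root, and hand that canonical path (not the raw parameter) to force_download, keeping `die('Hacking attempt!')` as the failure branch. The access-rights check the TODO asks for is a separate item and is not addressed by either the commit or the sketch below. The hunk header counts one more context line than is shown here, so the hunk appears to continue one line past the closing brace.
```php
if ( isset( $_GET['dwn'] ) )
{
  // Canonicalise before comparing: realpath() resolves '.', '..' and symlinks,
  // and returns false for a path that does not exist.
  $dwn_path = realpath($_GET['dwn']);
  $gallery_root = realpath(<GALLERY_ROOT_DIR>); // the configured galleries directory referenced by the TODO (galleries_url)
  if ($dwn_path === false || $gallery_root === false
      || substr($dwn_path, 0, strlen($gallery_root) + 1) !== $gallery_root . '/') {
    die('Hacking attempt!');
  }
  // TODO: still unresolved — check that the current user has access rights to this picture.
  force_download($dwn_path);
}
```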