diff options
Diffstat (limited to '')
| -rw-r--r-- | include/functions.inc.php | 14 | ||||
| -rw-r--r-- | include/ws_functions.inc.php | 6 |
2 files changed, 20 insertions, 0 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index 093f207e9..513054ab9 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1540,4 +1540,18 @@ function convert_charset($str, $source_charset, $dest_charset) } return $str; //??? } + +/** + * makes sure a index.htm protects the directory from browser file listing + * + * @param string dir directory + */ +function secure_directory($dir) +{ + $file = $dir.'/index.htm'; + if (!file_exists($file)) + { + @file_put_contents($file, 'Not allowed!'); + } +} ?>
\ No newline at end of file diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index ba7987c8e..f70810ccd 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -951,6 +951,8 @@ SELECT } } + secure_directory($upload_dir); + // compute file path $date_string = preg_replace('/[^\d]/', '', $dbnow); $random_string = substr($params['file_sum'], 0, 8); @@ -994,6 +996,8 @@ SELECT } } + secure_directory($thumbnail_dir); + // thumbnail path, the filename may use a prefix and the extension is // always "jpg" (no matter what the real file format is) $thumbnail_path = sprintf( @@ -1044,6 +1048,8 @@ SELECT } } + secure_directory($high_dir); + // high resolution path, same name as web size file $high_path = sprintf( '%s/%s.%s', |