From c4f5086a071b568f8c75a00dff71ee3266da7680 Mon Sep 17 00:00:00 2001
From: chrisaga
Date: Sun, 16 Apr 2006 10:58:00 +0000
Subject: - merge trunc r1186:1187 into branch 1.6 (security in action.php)

git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1190 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 action.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'action.php')

diff --git a/action.php b/action.php
index ef635a4d1..c20b07d3a 100644
--- a/action.php
+++ b/action.php
@@ -65,8 +65,11 @@ function force_download ($filename)
 //--------------------------------------------------------- download big picture
 if ( isset( $_GET['dwn'] ) )
 {
-//TODO : verify the path begins with './gallerie' and doesn't contains any '..'
-// in order to avoid hacking atempts
+//TODO : verify the path begins with something in galleries_url and that user has access rights to the picture
+// in order to avoid hacking atempts by forged url
+ if (preg_match('/\.\./',$_GET['dwn'])) {
+ die('Hacking attempt!');
+ }
 force_download($_GET['dwn']);
 }
-- 
cgit v1.2.3
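Review bot: The added `preg_match('/\.\./',$_GET['dwn'])` guard before `force_download($_GET['dwn'])` is a denylist on a single traversal token, and the two checks the rewritten TODO itself names — that the path resolves under the configured galleries directory and that the current user may see the picture — are still not performed, so the commit narrows the hole rather than closing it. An allowlist form would canonicalise first and test the directory rather than the string: `$real = realpath($_GET['dwn']);` followed by `if ($real === false || strpos($real, $galleryRoot) !== 0) { die('Hacking attempt!'); }`, where `$galleryRoot` is the realpath of the configured galleries directory (placeholder; the config name is not on this page). The existing `..` test can stay as defence in depth, but the access-rights check still needs to be added before the download is served. `force_download` begins outside the hunk, so whether it validates its argument further cannot be confirmed here.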