scratch – Diff between revs 96 and 102
?pathlinks?
| Rev 96 | Rev 102 | |||
|---|---|---|---|---|
| Line 73... | Line 73... | |||
| 73 | $config['STORE_FOLDER'], |
73 | $config['STORE_FOLDER'], |
|
| 74 | $file |
74 | $file |
|
| 75 | ) |
75 | ) |
|
| 76 | ); |
76 | ); |
|
| Line 77... | Line 77... | |||
| 77 | |
77 | |
|
| 78 | #### Check for path traversals |
78 | #### Check for path traversals. |
|
| 79 | $pathPart = pathinfo($userPath.'.'.$fileExtension); |
79 | $pathPart = pathinfo($userPath.'.'.$fileExtension); |
|
| 80 | if (strcasecmp( |
80 | if (strcasecmp( |
|
| 81 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
81 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
|
| 82 | http_response_code(500); |
82 | http_response_code(500); |
|