diff options
| author | David Aspinall | 1999-11-17 20:29:27 +0000 |
|---|---|---|
| committer | David Aspinall | 1999-11-17 20:29:27 +0000 |
| commit | 896400d7be0a6d902897e29dfea98f3ac47bd3e1 (patch) | |
| tree | f1b087e8271a38b3e75b54263bada4b05ad4e89d /html | |
| parent | 9b8e1d43f08282a824c4c8db782593475411d791 (diff) | |
Prevent access to ~ files too.
Diffstat (limited to 'html')
| -rw-r--r-- | html/fileshow.phtml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/html/fileshow.phtml b/html/fileshow.phtml index 5859634a..6e984bdf 100644 --- a/html/fileshow.phtml +++ b/html/fileshow.phtml @@ -5,7 +5,10 @@ if ($title=="") { $title = $filename; }; small_header($title); print "<pre>\n"; - if (substr($filename,0,1)=="." or substr($filename,0,1)=="/") { + /* I hope this is enough to prevent access outside cwd */ + if (substr($filename,0,1)=="." or + substr($filename,0,1)=="/" or + substr($filename,0,1)=="~") { print "Sorry, can't show you that file!\n"; } else { markup_plain_text($filename); |