From 896400d7be0a6d902897e29dfea98f3ac47bd3e1 Mon Sep 17 00:00:00 2001
From: David Aspinall
Date: Wed, 17 Nov 1999 20:29:27 +0000
Subject: Prevent access to ~ files too.
---
html/fileshow.phtml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'html')
diff --git a/html/fileshow.phtml b/html/fileshow.phtml
index 5859634a..6e984bdf 100644
--- a/html/fileshow.phtml
+++ b/html/fileshow.phtml
@@ -5,7 +5,10 @@ if ($title=="") { $title = $filename; }; small_header($title); print "
\n";
-  if (substr($filename,0,1)=="." or substr($filename,0,1)=="/") {
+  /* I hope this is enough to prevent access outside cwd */
+  if (substr($filename,0,1)=="." or 
+      substr($filename,0,1)=="/" or
+      substr($filename,0,1)=="~") {
      print "Sorry, can't show you that file!\n"; 
   } else {
      markup_plain_text($filename);
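Review bot: The three `substr($filename,0,1)` tests in the `if` look only at the first character, so they do not give the guarantee the new comment hopes for: a relative name that starts with an ordinary character but contains a `..` segment later still reaches `markup_plain_text($filename)`. Checking the resolved path is sturdier than listing bad prefixes, e.g. `$real = realpath($filename);` and refusing when `$real === false or strpos($real, getcwd() . "/") !== 0`; where that is unavailable, at least add `or strstr($filename, "..")` to the condition. If "~ files" in the subject means editor backup files, those end in `~` rather than start with it and are not covered here, though that reading is inferred from the subject alone. The comment would be better replaced by one stating what is actually enforced, such as `/* reject names that resolve outside the current directory */`.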
-- 
cgit v1.2.3