Prevent Path Traversal

This commit is contained in:
seiichiro 2022-01-11 17:06:45 +01:00
parent 81ae8f3016
commit 2506b5b6f0

View file

@ -41,7 +41,11 @@ if (isset($_SESSION['files'])
} else { } else {
$r_imagedir = realpath($imagedir.$dir); $r_imagedir = realpath($imagedir.$dir);
if ($r_imagedir === false || strcmp($r_imagedir, $r_basedir . DIRECTORY_SEPARATOR) !== 0) { if ($r_imagedir === false || strcmp($r_imagedir, $r_basedir . DIRECTORY_SEPARATOR) !== 0) {
print_r($r_basedir);
print_r($r_imagedir);
print "Path Traversal Detected!"; print "Path Traversal Detected!";
exit(); exit();
} }