Prevent escaping current path by removing slash

That fixes the LFI issue at #8
DEMON1A · Aug 15, 2022 · 26556f3 · 26556f3
1 parent ca64a8b
commit 26556f3
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/utils/fileReader.py b/utils/fileReader.py
@@ -18,7 +18,7 @@
 
 def readFile(filePath):
     try:
-        filePath = filePath.replace('../', '')
+        filePath = filePath.replace('..', '')
 
         if not ALLOW_SYMLINKS:
             if islink(filePath):
@@ -60,4 +60,4 @@ def readFileByLines(filePath):
             return True
         else:
             showError(exceptionRule="File Error", Message=f"There's an error trying to open {filePath}")
-            return False
+            return False