Skip to content
Permalink
Browse files Browse the repository at this point in the history
[php:security] re-fix directory traversal vulnerability for windows s…
…erver

rel. commit 157f471
  • Loading branch information
nao-pon committed Mar 28, 2018
1 parent a526df6 commit e635155
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion php/elFinder.class.php
Expand Up @@ -1624,7 +1624,7 @@ protected function zipdl($args) {
}
$file = $targets[1];
// checking the validity of the file parameter
if (strpos($file, DIRECTORY_SEPARATOR) !== false) {
if (strpos(str_replace('/', DIRECTORY_SEPARATOR, $file), DIRECTORY_SEPARATOR) !== false) {
return array('error' => 'File not found', 'header' => $h404, 'raw' => true);
}
$path = $volume->getTempPath().DIRECTORY_SEPARATOR.$file;
Expand Down

0 comments on commit e635155

Please sign in to comment.