Fixed fm_selected parameter exploit
winskie committed Jan 15, 2017
1 parent 261dbd5 commit 26841d9
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions inc/files/files.ctrl.php
Expand Up @@ -343,8 +343,15 @@
* @global Filelist
*/
$selected_Filelist = new Filelist( $fm_FileRoot, $ads_list_path );

// Prevent directory traversal using '..'
$re = '/\/?\.\.\/+/';
foreach( $fm_selected as $l_source_path )
{
if( preg_match( $re, $l_source_path ) )
{
debug_die( 'Invalid fm_selected parameter value' );
}
$selected_Filelist->add_by_subpath( urldecode($l_source_path), true );
}

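Review bot: The traversal check at `if( preg_match( $re, $l_source_path ) )` tests the raw request value, while the value actually handed to `add_by_subpath` on the following line is `urldecode($l_source_path)`, so a percent-encoded dot or slash is not matched by the pattern yet decodes into a `..` segment before the path is used. Decode once at the top of the loop body and validate the decoded string: `$l_source_path = urldecode( $l_source_path );` before the `if`, and `$selected_Filelist->add_by_subpath( $l_source_path, true );` after it. The pattern `/\/?\.\.\/+/` also requires a slash after `..`, so a path whose last segment is `..` is not rejected; a segment-based pattern such as `'~(^|/)\.\.(/|$)~'` rejects `..` wherever it appears as a whole segment. The docblock whose tail (`* @global Filelist`) opens the hunk begins outside it, and whether `debug_die` is the intended failure mode outside debug builds cannot be judged from this hunk alone.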
