Security fix

Signed-off-by: Valérian Saliou <valerian@valeriansaliou.name>
jappix · Aug 5, 2015 · bdb099b · bdb099b
1 parent 0024ae0
commit bdb099b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/server/file-share.php b/server/file-share.php
@@ -61,7 +61,7 @@
     $thumb_xml = '';
 
     // Forbidden file?
-    if(!isSafeAllowed($filename) || !isSafeAllowed($name.'.'.$ext)) {
+    if(!isSafeAllowed($user) || !isSafeAllowed($filename) || !isSafeAllowed($name.'.'.$ext)) {
         exit(
 '<jappix xmlns=\'jappix:file:post\'>
     <error>forbidden-type</error>