quick fix to security issue
jcampbell1 committed Apr 26, 2017
1 parent 9bd30e1 commit de52e7e
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions index.php
@@ -47,6 +47,9 @@
err(404,'File or Directory Not Found');
if(substr($tmp, 0,strlen($tmp_dir)) !== $tmp_dir)
err(403,"Forbidden");
if(strpos($_REQUEST['file'], DIRECTORY_SEPARATOR) === 0)
err(403,"Forbidden");


if(!$_COOKIE['_sfm_xsrf'])
setcookie('_sfm_xsrf',bin2hex(openssl_random_pseudo_bytes(16)));
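Review bot: The added test on `$_REQUEST['file']` rejects only a value whose first character is `DIRECTORY_SEPARATOR`, so it is a denylist on the raw input rather than a check of the resolved path. On Windows that constant is `\`, so a value starting with `/` is not caught, and a non-string `file` parameter is not handled. The containment test in the context line just above compares a bare prefix, so a sibling path that merely begins with the same characters as `$tmp_dir` would also pass it. Anchoring that test on a separator is more robust than adding input patterns: `if($tmp !== $tmp_dir && strpos($tmp, $tmp_dir . DIRECTORY_SEPARATOR) !== 0) err(403,"Forbidden");`. How `$tmp` and `$tmp_dir` are computed is outside the hunk, so this assumes both are canonicalised with no trailing separator, which should be confirmed.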