Skip to content

Commit

Permalink
Merge pull request #75 from cese/master
Browse files Browse the repository at this point in the history
Fix security issue (arbitrary file unlink)
  • Loading branch information
sebsauvage committed Feb 6, 2014
2 parents 0b4db7e + db66042 commit 8cae64d
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions index.php
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,10 @@ function processPasteDelete($pasteid,$deletetoken)
return array('','Paste does not exist, has expired or has been deleted.','');
}
}
else
{
return array('','Invalid data','');
}

if (!slow_equals($deletetoken, hash_hmac('sha1', $pasteid , getServerSalt()))) // Make sure token is valid.
{
Expand Down

0 comments on commit 8cae64d

Please sign in to comment.