
Input validation: only allow valid usernames.

1 parent 5d860ba commit 6adc60a392d7b495e92a44794f31d84c8d070227 @sofar committed
Showing with 3 additions and 0 deletions.
  1. +3 −0 image.php
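--- a/image.php
+++ b/image.php
@@ -113,6 +113,9 @@ function pass_file_and_exit($file) {
 if (isset($_GET['u']))
 $user = $_GET['u'];
+if (array_search($user, $users) === FALSE)
+ die("-EINVAL\n");
+
 $album = dirname($image);
 # passtrhru unsized?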
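Review bot: The allowlist test `array_search($user, $users) === FALSE` matches loosely, because `array_search` without its third argument uses `==`, under which numeric strings compare by value. An accepted `$user` is therefore not guaranteed to be byte-identical to an entry in `$users`, which matters if it is later used to build a path (not visible in this hunk). A strict membership test closes that gap: `if (!is_string($user) || !in_array($user, $users, true)) die("-EINVAL\n");`. The check also runs when `u` is absent from the query string, and the hunk does not show whether `$user` has a default before this point, so confirm it is initialised before the lookup. `$users` is defined outside the hunk and the surrounding code continues past both ends of it.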
