Skip to content
Snippets Groups Projects
Commit 6216e485 authored by oyvind Gjesdal's avatar oyvind Gjesdal
Browse files

if outside either paths, send404

parent 4d3e23b7
No related branches found
No related tags found
1 merge request!5add check for static dir and static/img
Hide whitespace changes
Inline Side-by-side
classes/modules/staticModule.php
+ 2
2
View file @ 6216e485
...@@ -30,8 +30,8 @@ class StaticModule extends abstractModule{ ...@@ -30,8 +30,8 @@ class StaticModule extends abstractModule{
$imgdir = realpath($conf['static']['directory'] . "img"); $imgdir = realpath($conf['static']['directory'] . "img");
$resourcepath = realpath($conf['static']['directory'].$file); $resourcepath = realpath($conf['static']['directory'].$file);
// static resources should be in static or img dir (img may be symlinked) // static resources should be in static or img dir (img may be symlinked, check realpath of img as well)
if (not(strpos($resourcepath, $staticdir)=== 0 or strpos($resourcepath, $imgdir)=== 0)) { if (strpos($resourcepath, $staticdir)!== 0 and strpos($resourcepath, $imgdir)!== 0) {
HTTPStatus::send404($file); // send404 calls exit();// HTTPStatus::send404($file); // send404 calls exit();//
} }
$filenamearray =explode(".",$file); $filenamearray =explode(".",$file);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment