author | Andrew Dolgov <[email protected]> | 2019-08-14 10:45:46 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2019-08-14 10:45:46 +0300 |
commit | 39f459eb0407cdf4bd0a072828300d161a0ef4e8 (patch) | |
tree | d50e1ef2e14629bf1b5460ada7d671a669f8dcdd /classes/handler | |
parent | d2f1cbfcb1da1277b0be0e527956a4f932bce00a (diff) |
public/cached_url: forbid sending files with extensions
Diffstat (limited to 'classes/handler')
-rwxr-xr-x | classes/handler/public.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 4c904231e..eb5363eab 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -1204,6 +1204,9 @@ class Handler_Public extends Handler {
 function cached_url() {
 list ($cache_dir, $filename) = explode("/", $_GET["file"], 2);
+ // we do not allow files with extensions at the moment
+ $filename = str_replace(".", "", $filename);
+
 $cache = new DiskCache($cache_dir);
 if ($cache->exists($filename)) { |
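Review bot: Only `$filename` is cleaned by the added lines; `$cache_dir`, the part of `$_GET["file"]` before the first `/`, still reaches `new DiskCache($cache_dir)` exactly as the client sent it, so a dot-segment in that position is not covered unless DiskCache validates its argument (its code is not visible in this hunk). Giving it the same treatment, `$cache_dir = str_replace(".", "", $cache_dir);`, or preferably checking it against the known cache directory names, would close that gap. Because `explode` is called with a limit of 2, `$filename` can also still contain `/`, and when the parameter has no `/` at all `$filename` comes out null. Answering 404 in those cases would match the "forbid" in the commit title more closely than silently rewriting the name, which can map a request onto a different cache entry than the one asked for. The body of `cached_url()` continues past the end of the hunk.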