diff options
| author |  David Aspinall <da@inf.ed.ac.uk> | 2001-09-13 15:55:18 +0000 |
|---|---|---|
| committer | David Aspinall <da@inf.ed.ac.uk> | 2001-09-13 15:55:18 +0000 |
| commit | 5ab3d3c821df9dbe713fd2d4750b3968de3a3b74 (patch) | |
| tree | 804b0dd856bde175a742423fe5e18ee295fe778c /html | |
| parent | 954af91adb23aaae6203ccc228d20d7185445450 (diff) | |
Fix two more gaping holes letting people examine whole filesystem (also fixed in server anyway)
Diffstat (limited to 'html')
| -rw-r--r-- | html/smallpage.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/html/smallpage.php b/html/smallpage.php index 64f538a3..ef165c6d 100644 --- a/html/smallpage.php +++ b/html/smallpage.php @@ -1,6 +1,12 @@ <?php require('functions.php3'); small_header($title); - include($file); + if (substr($file,0,1)=="." or + substr($file,0,1)=="/" or + substr($file,0,1)=="~") { + print "Sorry, can't show you that file!\n"; + } else { + include($file); + } footer(); ?> |