Commit: 3f73316e2f0c30d21d784c1bc223e5d1330d06e7 Author: Anatol Belski <[email protected]> Thu, 7 Mar 2019 12:43:42 +0100 Parents: 1aab433e8668f8b737f2ad011c00ebf2b61fd58d Branches: master
Link: http://git.php.net/?p=web/windows.git;a=commitdiff;h=3f73316e2f0c30d21d784c1bc223e5d1330d06e7 Log: Ensure no rule is generated for invalid path Changed paths: M include/listing.php Diff: diff --git a/include/listing.php b/include/listing.php index b061eac..c908f06 100644 --- a/include/listing.php +++ b/include/listing.php @@ -231,6 +231,12 @@ function transform_fname_to_latest($fname_real, $ver, $cur_ver) function get_redirection_conf_piece($tpl, $fname_real, $ver, $cur_ver) { + $real_fname_path = DOCROOT . $fname_real; + if (".zip" != substr($fname_real, strlen($fname_real)-4) || !is_file($real_fname_path)) { + /* This might be something invalid like a partially uploaded file or wrong path, don't generate anything. */ + return ""; + } + $search = array("REAL_FILENAME", "FAKE_FILENAME"); $fname_fake = transform_fname_to_latest($fname_real, $ver, $cur_ver); $ret = str_replace($search, array($fname_real, $fname_fake), $tpl); -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
