mirror of
https://github.com/prasathmani/tinyfilemanager
synced 2024-05-08 00:26:36 +02:00
Deploy path traversal fix (#953)
Co-authored-by: root <root@chevaliers.lan>
This commit is contained in:
parent
dd1ba6795c
commit
cddd7eaab0
|
@ -1065,6 +1065,15 @@ if (isset($_POST['group'], $_POST['token']) && (isset($_POST['zip']) || isset($_
|
||||||
}
|
}
|
||||||
|
|
||||||
$files = $_POST['file'];
|
$files = $_POST['file'];
|
||||||
|
$sanitized_files = array();
|
||||||
|
|
||||||
|
// clean path
|
||||||
|
foreach($files as $file){
|
||||||
|
array_push($sanitized_files, fm_clean_path($file));
|
||||||
|
}
|
||||||
|
|
||||||
|
$files = $sanitized_files;
|
||||||
|
|
||||||
if (!empty($files)) {
|
if (!empty($files)) {
|
||||||
chdir($path);
|
chdir($path);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue