diff options
| author | Valérian Saliou <valerian@valeriansaliou.name> | 2015-08-05 08:42:54 +0300 |
|---|---|---|
| committer | Valérian Saliou <valerian@valeriansaliou.name> | 2015-08-05 08:42:54 +0300 |
| commit | bdb099bc6e494fe76a4bf4e4f21acf6ec8a300aa (patch) | |
| tree | e771905ab2461622c844e7eca5b7be36d6feeb8f | |
| parent | 0024ae014f6f33769b2a816faa91919ec0be956b (diff) | |
Security fix
Signed-off-by: Valérian Saliou <valerian@valeriansaliou.name>
| -rw-r--r-- | server/file-share.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/server/file-share.php b/server/file-share.php index 5d5599bf..0981be47 100644 --- a/server/file-share.php +++ b/server/file-share.php @@ -61,7 +61,7 @@ if((isset($_FILES['file']) && !empty($_FILES['file'])) && (isset($_POST['user']) $thumb_xml = ''; // Forbidden file? - if(!isSafeAllowed($filename) || !isSafeAllowed($name.'.'.$ext)) { + if(!isSafeAllowed($user) || !isSafeAllowed($filename) || !isSafeAllowed($name.'.'.$ext)) { exit( '<jappix xmlns=\'jappix:file:post\'> <error>forbidden-type</error> |