(parent:
2e1d431
)
thumb: validate path before extracting missing parts
author
Mischa POSLAWSKY
<perl@shiar.org>
Sun, 27 Dec 2020 01:36:04 +0000
(
02:36
+0100)
committer
Mischa POSLAWSKY
<perl@shiar.org>
Wed, 30 Dec 2020 23:22:16 +0000
(
00:22
+0100)
Silence PHP warning about undefined offset on invalid requests.
thumb/index.php
diff --git
a/thumb/index.php
b/thumb/index.php
index a6b5bd7d66cce6d27560b120955a3fae695aaaa1..7de4f456939152bd931f61a15094b4a061ebbe08 100644
(file)
--- a/
thumb/index.php
+++ b/
thumb/index.php
@@
-1,6
+1,10
@@
<?php
if (!$User) return;
-list ($size, $imgpath) = explode('/', ltrim($Page->path, '/'), 2);
+$imgpath = ltrim($Page->path, '/');
+if (!preg_match('{^[0-9x]+/}', $imgpath)) {
+ return;
+}
+list ($size, $imgpath) = explode('/', $imgpath, 2);
$imgpath = preg_replace('{^(?=[0-9]+/)}', 'data/', $imgpath, 1);
if (!file_exists($imgpath)) {