check extension and path traversal
This commit is contained in:
parent
d0843a4070
commit
2d535ad612
@ -31,7 +31,7 @@ $tmpFilename = $username.'.'.$fileExtension;
|
||||
$filename = $username.'.png';
|
||||
|
||||
// Check path traversal
|
||||
if (Text::stringContains($username, '/', false)) {
|
||||
if (Text::stringContains($username, DS, false)) {
|
||||
$message = 'Path traversal detected.';
|
||||
Log::set($message, LOG_TYPE_ERROR);
|
||||
ajaxResponse(1, $message);
|
||||
|
Loading…
Reference in New Issue
Block a user