check extension and path traversal

This commit is contained in:
Diego Najar 2019-03-10 18:28:29 +01:00
parent d0843a4070
commit 2d535ad612

View File

@ -31,7 +31,7 @@ $tmpFilename = $username.'.'.$fileExtension;
$filename = $username.'.png';
// Check path traversal
if (Text::stringContains($username, '/', false)) {
if (Text::stringContains($username, DS, false)) {
$message = 'Path traversal detected.';
Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message);