maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

secure commonly used filename-variable against url manipulation

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2021-08-25 16:36:09 +02:00
parent 5d375b784d
commit 21983f27b6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/init.php
View File

@@ -103,7 +103,7 @@ unset($_);
unset($value); unset($value);
unset($key); unset($key);
$filename = htmlentities(basename($_SERVER['PHP_SELF'])); $filename = htmlentities(basename($_SERVER['SCRIPT_NAME']));
// check whether the userdata file exists // check whether the userdata file exists
if (! file_exists(\Froxlor\Froxlor::getInstallDir() . '/lib/userdata.inc.php')) { if (! file_exists(\Froxlor\Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {