From ec134fa2e36263961b379a3a2d75cf91002db6f3 Mon Sep 17 00:00:00 2001 From: frederik Date: Sun, 17 Mar 2024 11:42:02 +0100 Subject: [PATCH] prevent directory traversal --- scripts/play.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/play.php b/scripts/play.php index 5e2bfc7..0ec8750 100644 --- a/scripts/play.php +++ b/scripts/play.php @@ -15,6 +15,10 @@ $db->busyTimeout(1000); if(isset($_GET['deletefile'])) { ensure_authenticated('You must be authenticated to delete files.'); + if (preg_match('~^.*(\.\.\/).+$~', $_GET['deletefile'])) { + echo "Error"; + die(); + } $db_writable = new SQLite3('./scripts/birds.db', SQLITE3_OPEN_READWRITE); $db->busyTimeout(1000); $statement1 = $db_writable->prepare('DELETE FROM detections WHERE File_Name = :file_name LIMIT 1');