mirror of
https://github.com/DataTables/DataTables.git
synced 2025-01-18 11:52:11 +01:00
Fix - examples: Tighten up regex check to protect against LFI vulnerability
Credit to Arnaud Labenne of Dotsafe.fr for finding and reporting this.
parent
e9b3c4aff1
commit
3b24f99ac4
@ -1 +1 @@
|
||||
98b54ed7a2e4ee6b8156d01f398dfa50d7d5c475
|
||||
b321f136f34e595f3c3a7ea9fef6888cc2fa87f7
|
||||
|
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
if ( isset( $_POST['src'] ) && preg_match( '/scripts\/[a-zA-Z_\-_]+\.php/', $_POST['src'] ) !== 0 ) {
|
||||
if ( isset( $_POST['src'] ) && preg_match( '/^scripts\/[a-zA-Z_\-_]+\.php$/', $_POST['src'] ) !== 0 ) {
|
||||
echo htmlspecialchars( file_get_contents( '../server_side/'.$_POST['src'] ) );
|
||||
}
|
||||
else {
|
||||
|
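Review bot: The guard on the new `if` line still fails open: `preg_match()` returns `false` on error, and `false !== 0` is true, so a failed match call would let `$_POST['src']` through to `file_get_contents()`; compare with `=== 1` instead. Without the `D` modifier, `$` also matches before a single trailing newline, so `\A…\z` states the intended whole-string match more strictly, and the second `_` in the character class is redundant. Suggested condition: `preg_match( '/\Ascripts\/[a-zA-Z_\-]+\.php\z/', $_POST['src'] ) === 1`. The return value of `file_get_contents()` is passed to `htmlspecialchars()` unchecked, and the `else` branch continues outside the hunk, so the rejection path is not visible here.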