extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-06 01:52:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

WIP of background & logo image upload into instance dir:

Browse Source 
- Fix regexp can not cope with spaces
This commit is contained in:
Hadi Nategh 2017-04-28 14:21:50 +02:00
parent 5a2df924eb
commit 695cf12ded
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/anon_images.php
View File

@ -25,7 +25,7 @@ $path = $GLOBALS['egw_info']['server']['files_dir'].'/anon-images';
if (!file_exists($path) || empty($_GET['src']) ||
basename($_GET['src']) !== $_GET['src'] || // make sure no directory traversal
!preg_match('/^[a-z0-9._-]+\.(jpe?g|png|gif|svg)$/i', $_GET['src']) || // only allow images, not eg. Javascript!
!preg_match('/^[a-z 0-9._-]+\.(jpe?g|png|gif|svg)$/i', $_GET['src']) || // only allow images, not eg. Javascript!
!file_exists($path .= '/'.$_GET['src']) ||
!($fp = fopen($path, 'r')))
{