From d87ef46eeab8053201d1ac496d5609684e92ac9b Mon Sep 17 00:00:00 2001 From: ralf Date: Fri, 5 Apr 2024 20:38:30 +0200 Subject: [PATCH] be less restrictive with file-names, e.g. allow brackets --- api/anon_images.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/anon_images.php b/api/anon_images.php index 04d76d5e30..a523ee9585 100644 --- a/api/anon_images.php +++ b/api/anon_images.php @@ -31,7 +31,7 @@ function send_image() if (!file_exists($path) || empty($_GET['src']) || basename($_GET['src']) !== $_GET['src'] || // make sure no directory traversal - !preg_match('/^[a-z 0-9._-]+\.(jpe?g|png|gif|svg|ico|woff2)$/i', $_GET['src']) || // only allow images, not eg. Javascript! + !preg_match('/^[^\/]+\.(jpe?g|png|gif|svg|ico|woff2)$/i', $_GET['src']) || // only allow images, not eg. Javascript! !file_exists($path .= '/' . $_GET['src']) || !($fp = fopen($path, 'r'))) {