view file is insecure #187
Labels
Comments
prasathmani
pushed a commit
that referenced
this issue
Jul 23, 2019
view file is insecure #187 Get files size (recursive) #186 There is no possibility for translation for some hints (title =) #185 View dirSize instead of word "Folder" #184 Document type detection #183 Stored Cross-site Scripting (XSS) Vulnerability detected in File Names #180 strings in code #177 Remove tracking #164
|
@satyr-software added your suggestion. |
ner00
pushed a commit
to ner00/tinyfilemanager
that referenced
this issue
May 7, 2023
view file is insecure prasathmani#187 Get files size (recursive) prasathmani#186 There is no possibility for translation for some hints (title =) prasathmani#185 View dirSize instead of word "Folder" prasathmani#184 Document type detection prasathmani#183 Stored Cross-site Scripting (XSS) Vulnerability detected in File Names prasathmani#180 strings in code prasathmani#177 Remove tracking prasathmani#164
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
File exclusion mask is applied on listing files, but not on views:
Short test:
Expected result:
Fix:
if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items'])) {
Just before:
fm_set_msg('File not found', 'error');
The text was updated successfully, but these errors were encountered: