cgi-bin/text-to-html-filter.cgi: security check on path prefix

This commit is contained in:
Silvan Calarco 2021-08-02 09:55:39 +02:00
parent ba336825f1
commit 9a8139f571

View File

@ -4,7 +4,7 @@ ext=${file/*.}
range=10000
filename="/var/www/www.openmamba.org/$file"
filename_check=`readlink -f $filename`
[ "${filename_check:0:27}" = "/mnt/sdc1/ftp/pub/openmamba" ] || exit 0
[ "${filename_check:0:22}" = "/var/ftp/pub/openmamba" ] || exit 0
if [ "$page" ]; then
[ $page -gt 0 ] || page=1
else