NamelessMC / Nameless

NamelessMC is a free, easy to use & powerful website software for your Minecraft server, which includes a large range of features.
https://namelessmc.com/
MIT License
601 stars 312 forks

Prevent directory traversal using language parameter #3470

Closed Derkades closed 8 months ago

Derkades commented 8 months ago

Fixes a very minor security issue, where in the installer anyone could check whether arbitrary JSON files exist on the system.

samerton commented 8 months ago

Should probably set open_basedir in the same way as we do in index.php, didn't realise this was not already there for the installer: https://github.com/NamelessMC/Nameless/blob/develop/index.php#L76

tadhgboyle commented 8 months ago

> Should probably set open_basedir in the same way as we do in index.php, didn't realise this was not already there for the installer: https://github.com/NamelessMC/Nameless/blob/develop/index.php#L76

Can this be done in this PR or should a new one be made?
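
An added example, not code from this PR or from the NamelessMC repository: one way to resolve a language parameter to a JSON file, combining an allowlist on the code's shape, a canonical-path containment check, and the open_basedir setting raised in the thread. The directory layout, the file names and the function name `resolve_language_file` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sandbox so the example runs offline.
// Hypothetical layout: language files live in <root>/languages/<code>.json.
$root = sys_get_temp_dir() . '/lang_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/languages', 0700, true);
$root = realpath($root);
file_put_contents($root . '/languages/en_UK.json', '{"hello":"Hello"}');
file_put_contents($root . '/secret.json', '{"note":"outside the language dir"}');

// Defence in depth, as suggested in the thread: confine PHP file access to the app root.
ini_set('open_basedir', $root);

/**
 * Resolve a user-supplied language code to a file inside $langDir.
 * Returns null for malformed, out-of-tree AND missing files alike, so the
 * response cannot be used to probe whether a file exists elsewhere.
 */
function resolve_language_file(string $langDir, string $code): ?string
{
    // 1. Allowlist the shape of the code: no "/", "\", "." or NUL can pass.
    if (preg_match('/\A[A-Za-z]{2,3}(_[A-Za-z]{2,4})?\z/', $code) !== 1) {
        return null;
    }
    // 2. Canonicalise, then confirm the result is still under the language directory.
    $base = realpath($langDir);
    $path = realpath($langDir . DIRECTORY_SEPARATOR . $code . '.json');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed inputs: one valid code, two traversal attempts, one well-formed but missing code.
foreach (['en_UK', '../secret', 'en_UK/../../secret', 'xx_XX'] as $input) {
    $resolved = resolve_language_file($root . '/languages', $input);
    printf("%-20s => %s\n", $input, $resolved === null ? 'rejected' : basename($resolved));
}
```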