Closed Niols closed 9 years ago
I have to admit that this security fix was quite important, and I wasn't involved in it, so I can't really say if /..
is less safe than ..
.
Maybe someone with more experience on this type of topic on this may help ?
In my opinion, if this is not very possible, I think we can consider this as very specific, and don't fix it.
@Aldarone just got that fixed !
Humpf, rouvre la, j'avais pas pensé aux liens symboliques et ma correction empêche leur usage.
Raté, ça m'apprendra à aller trop vite !
Hehe, on ne peut pas tout avoir du premier coup. Merci @Aldarone et @tmos ! :)
Hello,
I'm using
..
in my dir names for days ranges ((2014-09-01..08)+Super+Party
), and I can't access my directory.It comes from this part of the code I guess (in
index.php
, line158
) :Maybe we could find a way to change this test (
strstr($thumbdir, '..') !== false
) without lowering the security ? Something likestrstr($thumndir, '/..') !== false
?Niols