Commit 31632212 authored by Jean-Philippe Levy's avatar Jean-Philippe Levy

Fix security issue with file parameter

parent 212cb6e4
......@@ -20,12 +20,17 @@
#########################################
*/
include_once("./request.php");
if(isset($_GET["file"])){
$dwn="/tmp/".$_GET["file"];
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=".$_GET["file"]);
flush();
readfile($dwn);
$file=basename($_GET["file"],".csv");
if($request[$file]) {
$dwn="/tmp/".$_GET["file"];
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=".$_GET["file"]);
flush();
readfile($dwn);
}
}
?>
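Review bot: The new check on `$request[$file]` validates only the basename of the parameter, while `$dwn` and the Content-Disposition header are still built from the raw `$_GET["file"]`, so any directory components in the value pass the check and reach `readfile()`. Derive one validated name and use it in both places, e.g. `$name=basename($_GET["file"]);`, then `$dwn="/tmp/".$name;` and `filename=\"".$name."\""`. `$request` comes from request.php, which is not shown here, so I assume it maps permitted report names; if so, `!empty($request[$file])` avoids the undefined-key notice for unknown names. A non-string `file` parameter should also be rejected with `is_string()` before `basename()` is called.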