ruben/folderweb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix static file path handling for security

Browse source 
Use REQUEST_URI and parse_url to properly handle paths Prevent directory
traversal with stricter sanitization
This commit is contained in:
Ruben 2025-10-02 17:19:15 +02:00
parent 2994f7cf6d
commit 19bb105303
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/static.php
View file

@ -1,6 +1,7 @@
<?php
// Serve static files from /app directory
$file = $_GET['file'] ?? '';
$requestUri = $_SERVER['REQUEST_URI'];
$file = preg_replace('#^/app/#', '', parse_url($requestUri, PHP_URL_PATH));
$file = str_replace(['../', '..\\'], '', $file); // Prevent directory traversal
// Map request paths to actual file paths