Till Brehm
2014-01-20 c6e98947ce33445165e0077ee3a322f61f3003e4
Improved path regex in system.inc.php
1 files modified
2 ■■■ changed files
server/lib/classes/system.inc.php 2 ●●● patch | view | raw | blame | history
server/lib/classes/system.inc.php
@@ -851,7 +851,7 @@
        //* We allow only some characters in the path
        // * is allowed, for example it is part of wildcard certificates/keys: *.example.com.crt
        if(!preg_match('@^/[-a-zA-Z0-9_/.*~]{1,}$@', $path)) return false;
        if(!preg_match('@^/[-a-zA-Z0-9_/.*]{1,}[~]?$@', $path)) return false;
        //* Check path for symlinks
        $path_parts = explode('/', $path);