check for / in the image name and 403 if its there
authorpaulr <me@pjr.cc>
Mon, 28 Nov 2011 02:49:15 +0000 (13:49 +1100)
committerpaulr <me@pjr.cc>
Mon, 28 Nov 2011 02:49:15 +0000 (13:49 +1100)
show.php

index 701a301..b74356c 100644 (file)
--- a/show.php
+++ b/show.php
@@ -13,7 +13,7 @@ $this_url = "http://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 
 if(isset($_REQUEST["showpic"])) {
        // show the pic requested...
-       if(preg_match("/.*\\+.*/", $_REQUEST["showpic"])) {
+       if(preg_match("/.*\/+.*/", $_REQUEST["showpic"])) {
                header("Status: 403 i dont think so");
                error_log("throwing 403");
                return;
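Review bot: The new guard on `$_REQUEST["showpic"]` is a deny-list of a single character, so a backslash, a NUL byte, a bare `..` or an array value (`showpic[]=`) is still not rejected. How much that matters depends on how the name is turned into a path further down, which is outside this hunk. An allow-list is easier to reason about, for example `if(!is_string($_REQUEST["showpic"]) || !preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]*$/D', $_REQUEST["showpic"])) {`, with the character class adjusted to the file names the gallery actually stores. The same applies to the `showtmp` check in the second hunk.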
@@ -28,7 +28,7 @@ if(isset($_REQUEST["showpic"])) {
        }
 } else if(isset($_REQUEST["showtmp"])) {
        // nothing yet
-       if(preg_match("/.*\\+.*/", $_REQUEST["showtmp"])) {
+       if(preg_match("/.*\/+.*/", $_REQUEST["showtmp"])) {
                error_log("throwing 403");
                header("Status: 403 i dont think so");
                return;
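Review bot: This rejection path is a second copy of the one in the `showpic` branch, and the two have already drifted: `error_log` and `header` are in the opposite order here. A small shared helper would keep the response in one place. It is also the place to send a real status line, because `Status:` is a CGI convention and whether it changes the response code depends on the SAPI, so the client may see a 200 with this header attached. The `showtmp` branch continues past the end of the hunk, so the fence shows only the helper and the call site.

```php
function deny_request() {
    error_log("throwing 403");
    // an explicit status line sets the response code under every SAPI
    header("HTTP/1.1 403 Forbidden");
}

// … unchanged: showtmp branch and its preg_match check …
        deny_request();
        return;
```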