From: paulr <me@pjr.cc>
Date: Mon, 28 Nov 2011 02:49:15 +0000 (+1100)
Subject: check for / in the image name and 403 if its there
X-Git-Url: http://git.pjr.cc/?p=quickshow.git;a=commitdiff_plain;h=b7d895d39d91d4faafc496275b8687a210c6d452

check for / in the image name and 403 if its there
---

diff --git a/show.php b/show.php
index 701a301..b74356c 100644
--- a/show.php
+++ b/show.php
@@ -13,7 +13,7 @@ $this_url = "http://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 
 if(isset($_REQUEST["showpic"])) {
 	// show the pic requested...
-	if(preg_match("/.*\\+.*/", $_REQUEST["showpic"])) {
+	if(preg_match("/.*\/+.*/", $_REQUEST["showpic"])) {
 		header("Status: 403 i dont think so");
 		error_log("throwing 403");
 		return;
@@ -28,7 +28,7 @@ if(isset($_REQUEST["showpic"])) {
 	}
 } else if(isset($_REQUEST["showtmp"])) {
 	// nothing yet
-	if(preg_match("/.*\\+.*/", $_REQUEST["showtmp"])) {
+	if(preg_match("/.*\/+.*/", $_REQUEST["showtmp"])) {
 		error_log("throwing 403");
 		header("Status: 403 i dont think so");
 		return;