From b7d895d39d91d4faafc496275b8687a210c6d452 Mon Sep 17 00:00:00 2001
From: paulr
Date: Mon, 28 Nov 2011 13:49:15 +1100
Subject: [PATCH] check for / in the image name and 403 if its there
---
 show.php | 4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/show.php b/show.php
index 701a301..b74356c 100644
--- a/show.php
+++ b/show.php
@@ -13,7 +13,7 @@ $this_url = "http://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 if(isset($_REQUEST["showpic"])) {
 // show the pic requested...
- if(preg_match("/.*\\+.*/", $_REQUEST["showpic"])) {
+ if(preg_match("/.*\/+.*/", $_REQUEST["showpic"])) {
 header("Status: 403 i dont think so");
 error_log("throwing 403");
 return;
@@ -28,7 +28,7 @@ if(isset($_REQUEST["showpic"])) {
 }
 } else if(isset($_REQUEST["showtmp"])) {
 // nothing yet
- if(preg_match("/.*\\+.*/", $_REQUEST["showtmp"])) {
+ if(preg_match("/.*\/+.*/", $_REQUEST["showtmp"])) {
 error_log("throwing 403");
 header("Status: 403 i dont think so");
 return;
--
1.7.0.4
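Review bot: The new pattern in the `showpic` check replaces the old one rather than extending it, so the value is rejected only when it contains `/`; a backslash, a NUL byte, a bare `..`, or a non-string (array) value that `preg_match` cannot match still gets past the 403, and the same holds for the `showtmp` check in the second hunk. How the value becomes a file path lies outside both hunks, so the impact is inferred, but a one-character denylist is fragile for a name that presumably ends up in a path. If image names are plain file names, an allowlist is safer: `$pic = $_REQUEST["showpic"];` followed by `if(!is_string($pic) || !preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $pic)) {`. Separately, `header("Status: 403 ...")` may not change the response code outside CGI/FastCGI; `header("HTTP/1.1 403 Forbidden")` is the more portable form.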