diff options
| -rw-r--r-- | files/open_file.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/files/open_file.php b/files/open_file.php index b91f72aaf31..ed1a1e47b1a 100644 --- a/files/open_file.php +++ b/files/open_file.php @@ -24,12 +24,16 @@ require_once('../inc/lib_base.php'); -$file=$_GET['file']; -$dir=(isset($_GET['dir']))?$_GET['dir']:''; -if(strstr($file,'..') or strstr($dir,'..')){ - die(); +if(isset($_GET['path'])){ + $filename=$_GET['path']; +}else{ + $file=$_GET['file']; + $dir=(isset($_GET['dir']))?$_GET['dir']:''; + $filename=$dir.'/'.$file; +} +if(strstr($filename,'..')){ + die(); } -$filename=$dir.'/'.$file; $filename=stripslashes($filename); $ftype=OC_FILESYSTEM::getMimeType($filename); ob_end_clean(); |