Path check on presence ".."
File: download.php
It seems to me that instead of the line:
if(strpos($fullfilename,"..")==true){
Should be:
if(strpos($fullfilename,'..')!==false){
For example: function strpos ('./path/file.zip ', '. ') will return 0, which will be transformed to false
Sorry: function strpos ('../path/file.zip ', '. ') will return 0, which will be transformed to false
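
The two comparisons from this ticket run side by side over constructed paths, as an added example that is not part of the ticket or of download.php. The function names, the sample paths and the `realpath()` containment check, which goes beyond what the ticket proposes, are assumptions.

```php
<?php
// Added example, not code from download.php; all names and paths are constructed.

// The check as quoted in the ticket: loose comparison against true.
// strpos() returns the integer offset of the match, and offset 0 == true is false.
function has_dotdot_loose(string $path): bool {
    return strpos($path, '..') == true;
}

// The check proposed in the ticket: only the boolean false means "not found".
function has_dotdot_strict(string $path): bool {
    return strpos($path, '..') !== false;
}

// Beyond the ticket: resolve the path and require it to stay under a base directory.
function resolve_inside(string $baseDir, string $name): ?string {
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $full === false) {
        return null; // base directory or target does not exist
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed inputs: ".." at offset 0, ".." in the middle, and no ".." at all.
foreach (['../path/file.zip', 'path/../file.zip', 'path/file.zip'] as $p) {
    printf("%-18s loose=%-5s strict=%s\n", $p,
        var_export(has_dotdot_loose($p), true),
        var_export(has_dotdot_strict($p), true));
}

// Constructed layout: a temporary base directory holding a single file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'file.zip', 'demo');

foreach (['file.zip', '..', 'missing.zip'] as $name) {
    printf("%-18s inside_base=%s\n", $name,
        var_export(resolve_inside($base, $name) !== null, true));
}

// Remove the constructed files again.
unlink($base . DIRECTORY_SEPARATOR . 'file.zip');
rmdir($base);
```

The loose and strict results differ only for the path that begins with `..`, which is the case the ticket describes.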