Wrong directory handling in showpic.php
Status: Beta
Brought to you by:
davemj
Menu
▾
▴
#14 Wrong directory handling in showpic.php
File showpic.php:
When the variable $album contains multiple directories
i.e. myalbum1/subalbum
the regular expression
$album = preg_replace('/..\//','',
stripslashes($_GET['album']));
is evaluated wrong. It strips the last two characters of
the first album and the slash. The right expression is
$album = preg_replace('/\.\.\//','',
stripslashes($_GET['album']));
Best Regards,
Carsten Schumann
grypho@tempus-vivit.net
