Diffstat (limited to 'inc/functions.inc.php')
-rw-r--r-- | inc/functions.inc.php | 5 |
1 files changed, 5 insertions, 0 deletions
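--- a/inc/functions.inc.php
+++ b/inc/functions.inc.php
@@ -31,6 +31,11 @@ function validate_get($value, $type) {
 }
 
 function validateRRDPath($base, $path) {
+$base = preg_replace('/\/$/', '', $base);
+
+# resolve possible symlink
+$base = realpath($base);
+
 $realpath = realpath(sprintf('%s/%s', $base, $path));
 
 if (strpos($realpath, $base) === false)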
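Review bot: The result of the added `$base = realpath($base);` is never checked, and realpath() returns false when the base directory is missing or unreadable. The following sprintf() then yields `/<path>`, so the candidate is resolved against the filesystem root. On PHP 8 the false needle is, as far as I can tell, coerced to an empty string, which makes strpos() return 0 and lets the containment test pass. Reject early with `if ($base === false) return false;`, or whatever failure value the rest of the function uses, since its body continues outside this hunk. Separately, the unchanged strpos() test only checks that `$base` occurs somewhere in `$realpath`, so a sibling directory such as `<base>-old` is accepted; anchoring it as `strpos($realpath, $base . '/') !== 0` would make it a true prefix check.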