mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-03-22 13:10:41 +08:00
arbitrary JSON file disclosure correction
The following security issue has been fixed: https://github.com/sebsauvage/ZeroBin/issues/30
parent
d850f343e5
commit
c26c4a8bec
|
@ -315,7 +315,7 @@ class zerobin
|
||||||
$dataid = $_SERVER['QUERY_STRING'];
|
$dataid = $_SERVER['QUERY_STRING'];
|
||||||
|
|
||||||
// Is this a valid paste identifier?
|
// Is this a valid paste identifier?
|
||||||
if (preg_match('/[a-f\d]{16}/', $dataid))
|
if (preg_match('\A[a-f\d]{16}\z', $dataid))
|
||||||
{
|
{
|
||||||
// Check that paste exists.
|
// Check that paste exists.
|
||||||
if ($this->_model()->exists($dataid))
|
if ($this->_model()->exists($dataid))
|
||||||
|
|
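Review bot: The anchored pattern on the new `preg_match` line, `'\A[a-f\d]{16}\z'`, has lost its delimiters. PCRE does not accept a backslash as a delimiter, so `preg_match()` emits a warning and returns `false` for every input. The check therefore fails closed, which keeps the disclosure fixed, but no valid paste identifier passes it either. Keep the anchors and restore the delimiters: `if (preg_match('/\A[a-f\d]{16}\z/', $dataid))`. A short comment above it such as `// Anchored on purpose: $dataid comes straight from QUERY_STRING and is handed to the storage model.` would help keep the anchors in place; the body of this `if` continues outside the hunk, so what else consumes `$dataid` is not visible here.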