From cfbc2eee5d971d33c07597a992b41a1507b6fba5 Mon Sep 17 00:00:00 2001
From: nashe
Date: Sun, 29 Apr 2018 23:31:20 +0200
Subject: Be more strict with $_GET[type] filtering before inclusion

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 7b7fbed..3a2c1e4 100755
--- a/index.php
+++ b/index.php
@@ -36,7 +36,7 @@ if (isset($_GET['type']) && $_GET['type'] == 'atom10') {
 //Go display
 if (!isset($_GET['type']) ||
 !is_file(__DIR__.'/custom/views/'.$_GET['type'].'/index.tpl.php') ||
- strpos($_GET['type'], DIRECTORY_SEPARATOR)){
+ strpos($_GET['type'], DIRECTORY_SEPARATOR) || strpos($GET['type'], '..')){
 $_GET['type'] = 'default';
 }
-- 
cgit v1.2.1
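Review bot: The added check on the `+` line reads `$GET['type']` rather than `$_GET['type']`, so it inspects an undefined variable (null) and never rejects anything, which defeats the purpose stated in the subject. Both `strpos` calls are also used as bare booleans, yet `strpos` returns `0` — which is falsy — when the needle sits at offset 0, so a value that starts with `..` or with the separator still passes; compare with `!== false`. Because the value selects a template under `custom/views/` that is then included, an allowlist is the safer shape than a blocklist, e.g. replacing the two `strpos` terms with `!preg_match('/^[A-Za-z0-9_-]+$/', $_GET['type'])`, which also covers `/` on Windows where `DIRECTORY_SEPARATOR` is `\`. The `if` statement is fully inside the hunk, but the later include that consumes `$_GET['type']` is outside it.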