mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-10-01 01:26:10 -04:00
arbitrary JSON file disclosure correction
The following security issue has been fixed: https://github.com/sebsauvage/ZeroBin/issues/30
parent
d850f343e5
commit
c26c4a8bec
@ -315,7 +315,7 @@ class zerobin
|
||||
$dataid = $_SERVER['QUERY_STRING'];
|
||||
|
||||
// Is this a valid paste identifier?
|
||||
if (preg_match('/[a-f\d]{16}/', $dataid))
|
||||
if (preg_match('\A[a-f\d]{16}\z', $dataid))
|
||||
{
|
||||
// Check that paste exists.
|
||||
if ($this->_model()->exists($dataid))
|
||||
|
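Review bot: The pattern on the added `preg_match` line has no delimiters: `'\A[a-f\d]{16}\z'` starts with a backslash, which PCRE rejects as a delimiter, so `preg_match` emits a warning and returns `false` for every input. The check therefore fails closed (a query string that merely contains 16 hex characters no longer passes), but every valid paste identifier is rejected as well. The line should read `if (preg_match('/\A[a-f\d]{16}\z/', $dataid))`, and a comment such as `// Anchored: the whole query string must be exactly 16 hex characters before it reaches the model.` would record why the anchors must stay. The enclosing method starts and ends outside the hunk.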