From 3b2da39469f7a4636ed250ed0d33f4efff38be26 Mon Sep 17 00:00:00 2001
From: Molkobain
Date: Wed, 22 Nov 2023 18:02:50 +0100
Subject: [PATCH] =?UTF-8?q?N=C2=B06989=20-=20Security=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pages/exec.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pages/exec.php b/pages/exec.php
index 3db08bc6e..dd233aac8 100644
--- a/pages/exec.php
+++ b/pages/exec.php
@@ -48,8 +48,9 @@ session_write_close();
 $sTargetPage = APPROOT.'env-'.$sEnvironment.'/'.$sModule.'/'.$sPage;
-if (!file_exists($sTargetPage))
-{
+if (!file_exists($sTargetPage)
+ || (strtolower(pathinfo($sTargetPage, PATHINFO_EXTENSION)) !== "php")
+) {
 // Do not recall the parameters (security takes precedence)
 echo "Wrong module, page name or environment...";
 exit;
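Review bot: The extension test added to the `if` condition constrains the file type of `$sTargetPage` but not its location. The path is still concatenated from `$sEnvironment`, `$sModule` and `$sPage`, so any `.php` file reachable through `..` segments would pass both checks. That holds unless those values are sanitised above the hunk, which is not visible here. I would resolve the path first with `$sRealPath = realpath($sTargetPage);` and reject it when `$sRealPath === false || strpos($sRealPath, realpath(APPROOT.'env-'.$sEnvironment).DIRECTORY_SEPARATOR) !== 0`, then use `$sRealPath` for whatever the script does with the page after this block, which continues outside the hunk. `is_file()` instead of `file_exists()` would also reject a directory whose name ends in `.php`. A short comment on the condition stating that only PHP pages inside the environment's module directory may be served would record the intent for the next maintainer.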