Ellpeck/ObsidianJustSharePlease
1
0
Fork 0
mirror of https://github.com/Ellpeck/ObsidianJustSharePlease.git synced 2024-11-26 20:28:34 +01:00
Code Issues Projects Releases Wiki Activity

prevent directory traversal on server

Browse source
This commit is contained in:
Ell 2023-08-18 13:03:03 +02:00
parent d852b61a67
commit 3c59ee5de9
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
server/public/share.php
View file

@ -114,13 +114,14 @@ function get_markdown_content(): ?string {
} }
function get_markdown_path(string $id): string { function get_markdown_path(string $id): string {
return get_data_path() . $id . ".md"; return get_id_base_path($id) . ".md";
} }
function get_meta_path(string $id): string { function get_meta_path(string $id): string {
return get_data_path() . $id . ".json"; return get_id_base_path($id) . ".json";
} }
function get_data_path(): string { function get_id_base_path(string $id): string {
return dirname(getcwd()) . "/data/"; // ensure id can't be used to traverse into other directories
return dirname(getcwd()) . "/data/" . basename($id);
} }