author | Patrick Simianer <p@simianer.de> | 2016-06-08 16:20:22 +0200 |
---|---|---|
committer | Patrick Simianer <p@simianer.de> | 2016-06-08 16:20:22 +0200 |
commit | f57095e878fa0c3ecb6192bca1d19f9fef89508c (patch) | |
tree | 03d1a2a4c83176ac64ac8323d9377cf47995cae1 | |
parent | c581250bc80e6bdd9ca5e8755b13904ea5b02eb2 (diff) |
somewhat more secure
-rw-r--r-- | inc/db.inc.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/inc/db.inc.php b/inc/db.inc.php
index ed45f7b..7356076 100644
--- a/inc/db.inc.php
+++ b/inc/db.inc.php
@@ -1,7 +1,10 @@
 <?php
 $SESSION_DIR="/srv/postedit/sessions";
-$json = file_get_contents($SESSION_DIR."/".$_GET["key"]."/data.json");
+$key = $_GET["key"];
+if (preg_match('/^[a-z0-9]{4}$/', $key)) {
+ $json = file_get_contents($SESSION_DIR."/".$key."/data.json");
+}
 $db = json_decode($json);
 ?> |
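Review bot: When `key` is missing or fails the pattern, the new `if` is skipped and `$json` is never assigned, so `json_decode($json)` on the following context line still runs on an undefined variable and the including page carries on with `$db` set to null; the check should reject the request explicitly instead of falling through. The pattern is also not an exact match: in PCRE `$` matches before a trailing newline, so a five-byte key ending in `\n` passes, and `$_GET["key"]` can arrive as an array, which `preg_match` does not accept; anchoring with `\z` and testing `is_string` first closes both. How the including pages are expected to fail is not visible in this hunk, so the 400-and-exit below is one option rather than the only one.

```php
$key = isset($_GET["key"]) ? $_GET["key"] : "";
if (!is_string($key) || !preg_match('/^[a-z0-9]{4}\z/', $key)) {
  http_response_code(400);
  exit;
}
$json = file_get_contents($SESSION_DIR."/".$key."/data.json");
// … unchanged: $db = json_decode($json); …
```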