authorPatrick Simianer <p@simianer.de>2016-06-08 16:20:22 +0200
committerPatrick Simianer <p@simianer.de>2016-06-08 16:20:22 +0200
commitf57095e878fa0c3ecb6192bca1d19f9fef89508c (patch)
tree03d1a2a4c83176ac64ac8323d9377cf47995cae1
parentc581250bc80e6bdd9ca5e8755b13904ea5b02eb2 (diff)
somewhat more secure
-rw-r--r--inc/db.inc.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/inc/db.inc.php b/inc/db.inc.php
index ed45f7b..7356076 100644
--- a/inc/db.inc.php
+++ b/inc/db.inc.php
@@ -1,7 +1,10 @@
<?php
$SESSION_DIR="/srv/postedit/sessions";
-$json = file_get_contents($SESSION_DIR."/".$_GET["key"]."/data.json");
+$key = $_GET["key"];
+if (preg_match('/^[a-z0-9]{4}$/', $key)) {
+ $json = file_get_contents($SESSION_DIR."/".$key."/data.json");
+}
$db = json_decode($json);
?>
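Review bot: When the key fails the pattern, `$json` is never assigned, yet `json_decode($json)` after the new `if` block still runs, so the script carries on with an undefined variable and a null `$db` instead of failing closed. The check itself has two gaps: `$_GET["key"]` may be absent or an array, and in PCRE an unmodified `$` also matches before a trailing newline, so four valid characters followed by a newline pass the test and reach the path. Anchoring with `\A` and `\z` (or adding the `D` modifier) and testing `is_string` first closes both. The return value of `file_get_contents` is also unchecked, so a missing session directory falls through to `json_decode(false)`. How the including pages should react to a rejected key is not visible here, so the early exit below is one option, not the only one.

```php
$key = $_GET["key"] ?? "";
if (!is_string($key) || !preg_match('/\A[a-z0-9]{4}\z/', $key)) {
    http_response_code(400);
    exit;
}
$json = file_get_contents($SESSION_DIR."/".$key."/data.json");
if ($json === false) {
    http_response_code(404);
    exit;
}
// … unchanged: json_decode($json) …
```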