diff options
| -rw-r--r-- | inc/db.inc.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/inc/db.inc.php b/inc/db.inc.php index ed45f7b..7356076 100644 --- a/inc/db.inc.php +++ b/inc/db.inc.php @@ -1,7 +1,10 @@ <?php $SESSION_DIR="/srv/postedit/sessions"; -$json = file_get_contents($SESSION_DIR."/".$_GET["key"]."/data.json"); +$key = $_GET["key"]; +if (preg_match('/^[a-z0-9]{4}$/', $key)) { + $json = file_get_contents($SESSION_DIR."/".$key."/data.json"); +} $db = json_decode($json); ?> |