arbitrary JSON file disclosure correction
The following security issue has been fixed: https://github.com/sebsauvage/ZeroBin/issues/30
parent
d850f343e5
commit
c26c4a8bec
|
@ -315,7 +315,7 @@ class zerobin
|
|||
$dataid = $_SERVER['QUERY_STRING'];
|
||||
|
||||
// Is this a valid paste identifier?
|
||||
if (preg_match('/[a-f\d]{16}/', $dataid))
|
||||
if (preg_match('\A[a-f\d]{16}\z', $dataid))
|
||||
{
|
||||
// Check that paste exists.
|
||||
if ($this->_model()->exists($dataid))
|
||||
|
|
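Review bot: The anchored pattern `'\A[a-f\d]{16}\z'` has no PCRE delimiters, so `preg_match()` takes the leading backslash as the delimiter, which PHP rejects: it emits a warning and returns `false`. The check therefore fails for every query string, including valid 16-hex-digit identifiers, so no paste can be read. The traversal is closed only as a side effect. Keep the full-string anchoring and restore the delimiters: `if (preg_match('/\A[a-f\d]{16}\z/', $dataid))`. Assuming the anchored line is the new side, the choice of `\A`…`\z` over `^`…`$` is right, since `$` would still accept a trailing newline. The enclosing method starts and ends outside this hunk, so how `$dataid` is used after `exists()` cannot be checked from here.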