arbitrary JSON file disclosure correction

The following securit issue has been fixed:
https://github.com/sebsauvage/ZeroBin/issues/30
This commit is contained in:
Sébastien SAUVAGE 2013-10-31 22:53:22 +01:00 committed by Simon Rupf
parent d850f343e5
commit c26c4a8bec
1 changed files with 1 additions and 1 deletions

View File

@ -315,7 +315,7 @@ class zerobin
$dataid = $_SERVER['QUERY_STRING']; $dataid = $_SERVER['QUERY_STRING'];
// Is this a valid paste identifier? // Is this a valid paste identifier?
if (preg_match('/[a-f\d]{16}/', $dataid)) if (preg_match('\A[a-f\d]{16}\z', $dataid))
{ {
// Check that paste exists. // Check that paste exists.
if ($this->_model()->exists($dataid)) if ($this->_model()->exists($dataid))