From be27c9fd4fc24205475c1f8eb4332bde6959c8dc Mon Sep 17 00:00:00 2001
From: TheTroll <trolldev@gmail.com>
Date: Tue, 23 Mar 2010 13:59:27 +0100
Subject: Now check URL validity

---
 bin/files.php | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'bin/files.php')

diff --git a/bin/files.php b/bin/files.php
index e7ffaa9..123644e 100755
--- a/bin/files.php
+++ b/bin/files.php
@@ -161,6 +161,14 @@ function filesgetlisting($dir)
 	$filelisting = array();
 	$folderlisting = array();
 
+	// Check dir
+	if (!isurlvalid($dir, "media") && !isurlvalid($dir, "rec"))
+		return array();
+
+	// Dont allow ..
+	if (preg_match("$\.\.$", $dir))
+		return array();
+
 	$dir_handle = @opendir($dir);
 	if (!$dir_handle)
 		return array();
-- 
cgit v1.2.3