diff options
| author | Joe7 <jozsef.rnagy@site.hu> | 2011-01-11 23:16:05 +0100 |
|---|---|---|
| committer | Joe7 <jozsef.rnagy@site.hu> | 2011-01-11 23:16:05 +0100 |
| commit | 7f6d87166df138073d85dd5201de8b9d19bc6cd2 (patch) | |
| tree | 0d24fb37da345bd8fa6a2a80d7ce703461f36c28 /modules/gallery | |
| parent | 9364f0d931883bb5f17f22c4003ee59256f9efb6 (diff) | |
Removed check as input value is compared against dataset of validated values, and request is only processed further in case of a match. => this is unnecessary
Diffstat (limited to 'modules/gallery')
| -rw-r--r-- | modules/gallery/controllers/file_proxy.php | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 5ce9b458..47e1e483 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -44,11 +44,6 @@ class File_Proxy_Controller extends Controller { $file_uri = substr($request_uri, strlen($var_uri)); - // Make sure that we don't leave the var dir - if (strpos($file_uri, "/../") !== false) { - throw new Kohana_404_Exception(); - } - list ($type, $path) = explode("/", $file_uri, 2); if ($type != "resizes" && $type != "albums" && $type != "thumbs") { throw new Kohana_404_Exception(); |