From 7f6d87166df138073d85dd5201de8b9d19bc6cd2 Mon Sep 17 00:00:00 2001
From: Joe7
Date: Tue, 11 Jan 2011 23:16:05 +0100
Subject: Removed check as input value is compared against dataset of validated values, and request is only processed further in case of a match. => this is unnecessary
---
 modules/gallery/controllers/file_proxy.php | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'modules')
diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index 5ce9b458..47e1e483 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -44,11 +44,6 @@ class File_Proxy_Controller extends Controller {
 $file_uri = substr($request_uri, strlen($var_uri));
- // Make sure that we don't leave the var dir
- if (strpos($file_uri, "/../") !== false) {
- throw new Kohana_404_Exception();
- }
-
 list ($type, $path) = explode("/", $file_uri, 2);
 if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
 throw new Kohana_404_Exception();
-- 
cgit v1.2.3
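Review bot: `$path` now leaves this hunk with only the `$type` allow-list applied, so the guarantee that a request cannot leave the var dir rests entirely on the later match against validated values that the commit message describes, and that code is outside the hunk. The invariant should be written down where the check used to be, for example `// $path is untrusted: use it only as an exact-match lookup key, never to build a filesystem path`, so that a later edit which joins `$path` onto a directory does not silently reintroduce traversal. Keeping a cheap early rejection here would still be reasonable defence in depth, because it does not depend on how the downstream lookup is implemented or on every future caller preserving it. The enclosing method starts before the hunk and continues past it, so whether every use of `$path` goes through that lookup cannot be confirmed from these lines.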