
Commit de31736

committed
Checking for illegal filenames added
Fixes #6
1 parent 7052e44 commit de31736


1 file changed

+3
-1
lines changed


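--- a/eval.php
+++ b/eval.php
@@ -15,8 +15,10 @@
 $query = "SELECT status FROM users WHERE username='".$_SESSION['username']."'";
 $result = mysql_query($query);
 $status = mysql_fetch_array($result);
+if (!preg_match("/^[^\\/?* :;{}\\\\]+\\.[^\\/?*: ;{}\\\\]{1,4}$/", $_POST['filename']))
+header("Location: solve.php?ferror=1&id=".$_POST['id']); // invalid filename
 // check if the user is banned or allowed to submit and SQL Injection checks
-if($accept['accept'] == 1 and $status['status'] == 1 and is_numeric($_POST['id'])) {
+else if($accept['accept'] == 1 and $status['status'] == 1 and is_numeric($_POST['id'])) {
 $soln = mysql_real_escape_string($_POST['soln']);
 $filename = mysql_real_escape_string($_POST['filename']);
 $lang = mysql_real_escape_string($_POST['lang']);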
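Review bot: The invalid-filename branch at new lines 18–19 sends a Location header but never exits, and PHP keeps executing after header(), so the `else if` only skips the submit branch while whatever follows the chain (outside this hunk) still runs with the rejected filename; make it `if (!preg_match(...)) { header("Location: solve.php?ferror=1&id=".(int)$_POST['id']); exit; }`. That redirect also interpolates `$_POST['id']` into the URL before the `is_numeric` check on new line 21 is ever reached, which the `(int)` cast above covers. The pattern is a character blacklist anchored with `$`, which still matches before a trailing newline and admits characters outside the usual filename set; if the filename later reaches a filesystem or shell call (not visible here), a whitelist such as `/^[A-Za-z0-9_-]+\.[A-Za-z0-9]{1,4}\z/` is the safer shape. The enclosing if/else chain continues past the end of the hunk, so the branch that runs after a failed check cannot be confirmed from this view.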
