Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2026-01-23 02:35:23 +00:00
Code Issues Projects Releases Wiki Activity

ensure template cookie cannot be a path

Browse source
This commit is contained in:
El RIDO 2025-11-11 17:52:48 +01:00
parent a371f5cab5
commit f456fb576e
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lib/TemplateSwitcher.php
View file

@ -73,8 +73,11 @@ class TemplateSwitcher
*/
public static function getTemplate(): string
{
if (array_key_exists('template', $_COOKIE) && self::isTemplateAvailable($_COOKIE['template'])) {
return $_COOKIE['template'];
if (array_key_exists('template', $_COOKIE)) {
$template = basename($_COOKIE['template']);
if (self::isTemplateAvailable($template)) {
return $template;
}
}
return self::$_templateFallback;
}