FbIN/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2026-04-22 06:36:18 +05:30
Code Issues Projects Releases Packages Wiki Activity

ensure template cookie cannot be a path

Browse source
This commit is contained in:
El RIDO 2025-11-11 17:52:48 +01:00
commit f456fb576e
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lib/TemplateSwitcher.php
View file

@ -73,8 +73,11 @@ class TemplateSwitcher
*/ */
public static function getTemplate(): string public static function getTemplate(): string
{ {
if (array_key_exists('template', $_COOKIE) && self::isTemplateAvailable($_COOKIE['template'])) { if (array_key_exists('template', $_COOKIE)) {
return $_COOKIE['template']; $template = basename($_COOKIE['template']);
if (self::isTemplateAvailable($template)) {
return $template;
}
} }
return self::$_templateFallback; return self::$_templateFallback;
} }