ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

use detaintPath on modal to prevent including other files instead of real modals

pull/3669/merge
Isaac Connor 2023-02-20 11:58:10 -05:00
parent 4067151fd8
commit 119e4e6756
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
web/ajax/modal.php
View File

@ -1,11 +1,10 @@
<?php
if (empty($_REQUEST['modal'])) {
ajaxError('Modal Name Not Provided');
return;
}
$modal = validJsStr($_REQUEST['modal']);
$modal = detaintPath($_REQUEST['modal']);
$data = array();
ZM\Debug("Including modals/$modal.php");