mirror of
https://github.com/myronblair/parkerslingshotrentals
synced 2026-06-30 17:50:31 -05:00
Security: block direct upload access, fix view-doc path traversal guard
- uploads/.htaccess: deny all direct web access to uploaded customer docs
- admin/view-doc.php: add realpath() path-traversal check (mirrors view-doc.php)
- admin/view-doc.php: remove dead double-query (result was always overwritten)
- .gitignore: uploads/* wildcard so .htaccess can be tracked
+2
-1
@@ -2,4 +2,5 @@
|
||||
.DS_Store
|
||||
*.swp
|
||||
|
||||
uploads/
|
||||
uploads/*
|
||||
!uploads/.htaccess
|
||||
|
||||
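Review bot: the new `uploads/*` line has a slash in the middle of the pattern, so git anchors it to the directory that holds this .gitignore, whereas the old `uploads/` pattern matched a directory of that name at any depth. If the repository has an uploads directory anywhere below the top level, its contents are no longer ignored after this change and uploaded customer documents could be committed by accident. Either confirm that only the top-level directory exists, or use `**/uploads/*` together with `!**/uploads/.htaccess` to keep the old reach. A one-line comment above `!uploads/.htaccess` saying that the file is tracked on purpose, because it is what denies direct web access, would stop a later cleanup from dropping the exception.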