mirror of
https://github.com/myronblair/parkerslingshotrentals
synced 2026-06-30 09:40:14 -05:00
myron
bb21fca399
- uploads/.htaccess: deny all direct web access to uploaded customer docs - admin/view-doc.php: add realpath() path-traversal check (mirrors view-doc.php) - admin/view-doc.php: remove dead double-query (result was always overwritten) - .gitignore: uploads/* wildcard so .htaccess can be tracked