Listen to REQUEST_URI

2016-10-31 17:00:39 +01:00 · 2016-10-31 17:00:39 +01:00 · 71c5996703
--- a/index.php
+++ b/index.php
@ -27,7 +27,7 @@ header('Strict-Transport-Security: max-age=15768000; includeSubDomains; preload'
 header('Content-Type: application/octet-stream');
 header('Content-Disposition: attachment');

-$cacheItem = $_SERVER['PATH_INFO'];
+$cacheItem = substr($_SERVER['REQUEST_URI'], 1);
 if (strpos($cacheItem, '/../') !== false || strrchr($cacheItem, '/') === '/..') {
 	die('Traversal detected');
 }