fixed vulnerabilities

2022-10-04 18:13:50 +02:00 · 2022-10-04 18:13:50 +02:00 · 2ea3c3038c
parent 05cbc2fb0e
commit 2ea3c3038c
2 changed files with 2 additions and 0 deletions
--- a/pandora_console/ajax.php
+++ b/pandora_console/ajax.php
@ -110,6 +110,7 @@ $auth_class = io_safe_output(
 $page = (string) get_parameter('page');
 $page = safe_url_extraclean($page);
 $page .= '.php';
+$page = realpath($page);
 $public_hash = get_parameter('auth_hash', false);
 $public_login = false;

--- a/pandora_console/extras/delete_files/delete_files.txt
+++ b/pandora_console/extras/delete_files/delete_files.txt
@ -1666,3 +1666,4 @@ godmode/um_client/vendor/sebastian/object-enumerator
 godmode/um_client/vendor/sebastian
 godmode/um_client/vendor
 update_manager_client/resources/styles/pandora.css
+enterprise/meta/general/upload_head_image.php