Leahnaya/pokemon-showdown-client
1
0
Fork 0
mirror of https://github.com/smogon/pokemon-showdown-client.git synced 2026-03-21 17:50:29 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix security vuln

Browse Source 
Special thanks to Mina for finding this
This commit is contained in:
Guangcong Luo 2026-03-16 07:05:10 +00:00
parent 54a573b815
commit 647308216a
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
play.pokemonshowdown.com/dirindex/dirindex.php
View File

@ -749,6 +749,8 @@ if (function_exists('dirindex_intro')) {
$has_sprites = false;
$special_sprites = function_exists('dirindex_sprites');
$view = $_GET['view'] ?? ($special_sprites ? 'sprites' : 'dir');
if (!ctype_alnum($view)) die('Access denied; invalid view');
if ($special_sprites || array_key_exists($rel_dir, $sprites_whitelist)) {
$has_sprites = true;
if ($view === 'sprites') {