Prevent direct file access. Resolves #622

2025-03-01 10:31:47 +00:00 · 2020-07-10 14:46:55 +01:00 · 2020-07-10 14:46:55 +01:00 · 7af8b302e9
commit 7af8b302e9
parent bf2fda1bc4
1 changed files with 6 additions and 0 deletions
--- a/app/img/wifi-qr-code.php
+++ b/app/img/wifi-qr-code.php
@ -4,6 +4,12 @@ require_once '../../includes/config.php';
 require_once '../../includes/defaults.php';
 require_once '../../includes/functions.php';

+// prevent direct file access
+if (basename($_SERVER['PHP_SELF']) === basename(__FILE__)) {
+    header('HTTP/1.0 403 Forbidden');
+    exit;
+}
+
 function qr_encode($str)
 {
    return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);