From 7af8b302e98a320b3c88089bd0789dcde9ea4d0e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 10 Jul 2020 14:46:55 +0100
Subject: [PATCH] Prevent direct file access. Resolves #622

---
 app/img/wifi-qr-code.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php
index 92e9dce3..d89ef077 100644
--- a/app/img/wifi-qr-code.php
+++ b/app/img/wifi-qr-code.php
@@ -4,6 +4,12 @@ require_once '../../includes/config.php';
 require_once '../../includes/defaults.php';
 require_once '../../includes/functions.php';
 
+// prevent direct file access
+if (basename($_SERVER['PHP_SELF']) === basename(__FILE__)) {
+    header('HTTP/1.0 403 Forbidden');
+    exit;
+}
+
 function qr_encode($str)
 {
     return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);