From 7d8fc65ef04c92d298370742521605ae411399c4 Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 11 Jul 2020 09:03:23 +0100 Subject: [PATCH] Block direct file access --- app/img/wifi-qr-code.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php index 92e9dce3..21092f82 100644 --- a/app/img/wifi-qr-code.php +++ b/app/img/wifi-qr-code.php @@ -4,6 +4,12 @@ require_once '../../includes/config.php'; require_once '../../includes/defaults.php'; require_once '../../includes/functions.php'; +// prevent direct file access +if (!isset($_SERVER['HTTP_REFERER'])) { + header('HTTP/1.0 403 Forbidden'); + exit; +} + function qr_encode($str) { return preg_replace('/(?