fix:修复了任意文件读取漏洞

2022-10-12 13:57:35 +08:00 · 2022-10-12 13:57:35 +08:00 · 6e07ddc94c
parent e9a7af1059
commit 6e07ddc94c
1 changed files with 1 additions and 1 deletions
--- a/Download.php
+++ b/Download.php
@ -8,7 +8,7 @@ session_start();

 // 修改这一行设置你的文件下载目录
 // IMPORTANT: Do not delete the following conditional test
-if (strpos($_GET['file'], "../") != false) { // 检查是否有 ../，防止用户构造路径，访问某个他不应该访问的目录
+if (strpos($_GET['file'], "../") !== false) { // 检查是否有 ../，防止用户构造路径，访问某个他不应该访问的目录
    die("Sorry.  Nothing to download.");
 }