|
@@ -13,10 +13,10 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
if (!empty($_REQUEST['path'])) {
|
|
if (!empty($_REQUEST['path'])) {
|
|
|
- $path = $_REQUEST['path'];
|
|
|
|
|
|
|
+ $path = htmlspecialchars($_REQUEST['path'], ENT_QUOTES, 'UTF-8');
|
|
|
if (!empty($_REQUEST['raw'])) {
|
|
if (!empty($_REQUEST['raw'])) {
|
|
|
header('content-type: image/jpeg');
|
|
header('content-type: image/jpeg');
|
|
|
- passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg(htmlspecialchars($_REQUEST['path'], ENT_QUOTES, 'UTF-8')));
|
|
|
|
|
|
|
+ passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path));
|
|
|
exit;
|
|
exit;
|
|
|
}
|
|
}
|
|
|
}
|
|
}
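Review bot: HTML-encoding `$path` at assignment means `v-open-fs-file` receives the entity-encoded string, so a file name containing `&`, a quote or `<` will no longer resolve to the file that was requested. `htmlspecialchars` also adds nothing to shell safety beyond what `escapeshellarg` already provides. Keeping `$path = $_REQUEST['path'];` raw for the command, and calling `htmlspecialchars($path, ENT_QUOTES, 'UTF-8')` only where the path is written into HTML (presumably later in the file, outside this hunk), keeps each encoding in its own context. On the same `passthru` line `$user` is concatenated unquoted; its origin is not visible here, but the hunk header's context line suggests it may be derived from `$_SESSION['look']`, so `escapeshellarg($user)` would be a cheap safeguard. The raw branch also labels every file `image/jpeg`, so a `header('X-Content-Type-Options: nosniff');` next to it would stop browsers from sniffing non-image content.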
|