From 7b4af63a90a726b98a59b83e53f040a7a566a11d Mon Sep 17 00:00:00 2001
From: Gitea <gitea@fake.local>
Date: Wed, 10 Nov 2021 17:53:13 +0100
Subject: Update

---
 Neutron-trunk/api/admin/footer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 mode change 100755 => 100644 Neutron-trunk/api/admin/footer.php

(limited to 'Neutron-trunk/api/admin/footer.php')

diff --git a/Neutron-trunk/api/admin/footer.php b/Neutron-trunk/api/admin/footer.php
old mode 100755
new mode 100644
index 5422d0c..961f8ea
--- a/Neutron-trunk/api/admin/footer.php
+++ b/Neutron-trunk/api/admin/footer.php
@@ -8,7 +8,7 @@ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) {
 } else {
     file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - API/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
 }
-if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") {
+if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) {
     if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) {
         if (isset($_POST['footer'])) {
             file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/footer", $_POST['footer']);
-- 
cgit