From 7b4af63a90a726b98a59b83e53f040a7a566a11d Mon Sep 17 00:00:00 2001
From: Gitea <gitea@fake.local>
Date: Wed, 10 Nov 2021 17:53:13 +0100
Subject: Update

---
 Neutron-trunk/api/admin/password.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 mode change 100755 => 100644 Neutron-trunk/api/admin/password.php

(limited to 'Neutron-trunk/api/admin/password.php')

diff --git a/Neutron-trunk/api/admin/password.php b/Neutron-trunk/api/admin/password.php
old mode 100755
new mode 100644
index a823721..ff57028
--- a/Neutron-trunk/api/admin/password.php
+++ b/Neutron-trunk/api/admin/password.php
@@ -46,7 +46,7 @@ if ($_POST['newpass'] == $_POST['newpassr']) {} else {
     require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["passnewnomatch"]);
 }
 
-if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") {
+if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) {
     if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) {
         $tokens = scandir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens");
         foreach ($tokens as $token) {
-- 
cgit