PHP-MBTiles-Server icon indicating copy to clipboard operation
PHP-MBTiles-Server copied to clipboard

Published 20 hours ago verified publisher icon bmcbride

directory traversal

Open kampar opened this issue 5 years ago • 0 comments

I think there is a needs to escape some bad $_GET variables

$zoom = intval($_GET['z']);
$column = intval($_GET['x']);
$row = intval($_GET['y']);
$db = preg_replace("/[^a-z0-9_]/i","",$_GET['db']);

    $conn = new PDO("sqlite:". $db  .".mbtiles");

kampar avatar Dec 13 '19 13:12 kampar