From 3c075bfd21adac9a4dde4fab6bd22886d6173d30 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Wed, 14 Aug 2019 09:49:18 +0300
Subject: DiskCache: more strict checking for input filenames, getUrl() is no
 longer static

---
 classes/handler/public.php | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

(limited to 'classes/handler')

diff --git a/classes/handler/public.php b/classes/handler/public.php
index 901844e36..4c904231e 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -1202,13 +1202,7 @@ class Handler_Public extends Handler {
 	}
 
 	function cached_url() {
-		$filename = $_GET['file'];
-
-		if (strpos($filename, "/") !== FALSE) {
-			list ($cache_dir, $filename) = explode("/", $filename, 2);
-		} else {
-			$cache_dir = "images";
-		}
+		list ($cache_dir, $filename) = explode("/", $_GET["file"], 2);
 
 		$cache = new DiskCache($cache_dir);
 
-- 
cgit v1.2.3-54-g00ecf