diff options
| author | ilotterytea <iltsu@alright.party> | 2025-09-29 17:10:13 +0500 |
|---|---|---|
| committer | ilotterytea <iltsu@alright.party> | 2025-09-29 17:10:13 +0500 |
| commit | 4ce56e9cb070c08edc5abab629b78c7634a16c39 (patch) | |
| tree | 1f3e455566f48362bae9d12980eeb948b59d697f | |
| parent | 30b012dcc983beffa67526341d291cfcad2b1d9f (diff) | |
upd: return 404 if file does not exist on disk
| -rw-r--r-- | public/index.php | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/public/index.php b/public/index.php index cdb53ad..e64dd65 100644 --- a/public/index.php +++ b/public/index.php @@ -84,14 +84,13 @@ if (FILE_CATALOG_FANCY_VIEW && $file_id) { '); $stmt->execute([$file_id, $file_ext]); $file = $stmt->fetch(PDO::FETCH_ASSOC) ?: null; + $file_exists = is_file(FILE_UPLOAD_DIRECTORY . "/$file_id.$file_ext"); - if (!$file) { + if (!$file || !$file_exists) { http_response_code(404); exit(); } - $file_exists = is_file(FILE_UPLOAD_DIRECTORY . "/$file_id.$file_ext"); - // counting views $viewed_file_ids = $_SESSION['viewed_file_ids'] ?? []; if (!in_array($file['id'], $viewed_file_ids)) { |