From dbd73690b28973f1893886af5c7b99d470932678 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Wed, 25 Jan 2017 09:26:07 -0600 Subject: [PATCH] use !== false rather than === true --- web/views/image.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/web/views/image.php b/web/views/image.php index bb9335353..82f0ed046 100644 --- a/web/views/image.php +++ b/web/views/image.php @@ -81,8 +81,9 @@ if ( empty($_REQUEST['path']) ) } else { $dir_events = realpath(ZM_DIR_EVENTS); $path = realpath($dir_events . '/' . $_REQUEST['path']); + $pos = strpos($path, $dir_events); - if(strpos($path, $dir_events) == 0) { + if($pos == 0 && $pos !== false) { if ( !empty($user['MonitorIds']) ) { $imageOk = false; $pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) );