barryserver-git
Barry Fixed RCE bug b00582b (3 years, 11 months ago)
diff --git a/git.php b/git.php
index 5dfee33..97369d5 100644
--- a/git.php
+++ b/git.php
@@ -203,6 +203,7 @@ ob_start();
$path = str_replace("(","\(",$path);
$path = str_replace("`","\`",$path);
$path = str_replace("|","\|",$path);
+ $path = str_replace("&","\&",$path);
if (!isset($path) || $path === "") {header("Location: ".$ROOT.$SCRIPT."/");}
echo " <span class=\"path\"><a href=\"".$ROOT.$SCRIPT."/\">".$TITLE."</a>";