From 267303d4cee1b323c3ac42ff8edde3a22906c631 Mon Sep 17 00:00:00 2001
From: adrien
Date: Tue, 20 May 2025 00:30:25 +0200
Subject: [PATCH] check file_exists
---
 show.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/show.php b/show.php
index b6a3d5f..37d9cc2 100644
--- a/show.php
+++ b/show.php
@@ -2,7 +2,11 @@
 $path = realpath($basedir . DIRECTORY_SEPARATOR . ltrim(urldecode($_SERVER["QUERY_STRING"]), '/'));
-if (strpos($path, $basedir) !== 0 || substr($path, -4) != ".cfg") {
+if (
+ strpos($path, $basedir) !== 0
+ || substr($path, -4) != ".cfg"
+ || !file_exists($path)
+ ) {
 http_response_code(404);
 die("Fichier non trouvé");
 }
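Review bot: The containment test `strpos($path, $basedir) !== 0` in the rewritten condition compares against the bare directory name, so a resolved path in a sibling directory whose name merely begins with the same characters would still pass. `$basedir` is defined outside this hunk, but the way it is joined with `DIRECTORY_SEPARATOR` suggests it carries no trailing separator. Anchoring the prefix on the separator closes that gap: `strpos($path, $basedir . DIRECTORY_SEPARATOR) !== 0`, with `$basedir` itself canonicalised once through `realpath()`. The added `!file_exists($path)` is largely redundant, since `realpath()` already returns `false` for a missing path, and it also accepts directories. Testing `$path === false` first and using `!is_file($path)` states the intent directly and avoids handing `false` to `strpos()` and `substr()`.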