[GH-ISSUE #477] Security Issue with excluded folders #350

New issue

Open

opened 2026-03-02 15:58:02 +03:00 by kerem · 1 comment

kerem commented

2026-03-02 15:58:02 +03:00

Owner

Originally created by @taylorman57 on GitHub (Dec 27, 2020).
Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/477

The excluded folders feature is not recursive.

For example if I exclude "users" I can still put /?p=users/username and it will load the "username" folder

Originally created by @taylorman57 on GitHub (Dec 27, 2020). Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/477 The excluded folders feature is not recursive. For example if I exclude "users" I can still put /?p=users/username and it will load the "username" folder

kerem added the

suggestion

label

2026-03-02 15:58:02 +03:00

kerem commented

2026-03-02 15:58:03 +03:00

Author

Owner

@prasathmani commented on GitHub (Jan 5, 2021):

as of now excluded folders will be hidden in display directory list only, but still user can access using the url, will be fixing in upcoming releases.

@prasathmani commented on GitHub (Jan 5, 2021): as of now excluded folders will be hidden in display directory list only, but still user can access using the url, will be fixing in upcoming releases.

kerem referenced this issue

2026-03-02 16:02:31 +03:00

[PR #361] [MERGED] fix settings are not saved. #963