From 00dfc19c97c1bbeb7d20262b812924d9801ee61a Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Fri, 10 Feb 2023 20:28:27 +0100
Subject: [PATCH] Security update

---
 plugins/dynamix/include/Notify.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/dynamix/include/Notify.php b/plugins/dynamix/include/Notify.php
index 8a650899a..01646b977 100644
--- a/plugins/dynamix/include/Notify.php
+++ b/plugins/dynamix/include/Notify.php
@@ -47,8 +47,8 @@ case 'get':
   echo shell_exec("$notify get");
   break;
 case 'hide':
-  $file = realpath($_POST['file']??'');
-  if (file_exists($file) && strpos($file,'/tmp/')===0 && pathinfo($file)['extension']=='notify') chmod($file,0000);
+  $file = $_POST['file']??'';
+  if (file_exists($file) && $file==realpath($file) && pathinfo($file)['extension']=='notify') chmod($file,0000);
   break;
 case 'archive':
   $file = $_POST['file']??'';