Changeset 2272 for branches

Timestamp:

12/01/10 11:02:28 (18 months ago)

Author:

nick_ramsay

Message:

[1.5] Double dot removal in page names.

Files:

• branches/1.5/libs/PageHandling.php (modified) (2 diffs)

branches/1.5/libs/PageHandling.php

@@ -172 +172 @@
                 }
 
-                if ($page) {
+                if ($page)
+                {
+                        $page = str_replace('..', '', $page)); // prevents access outside the current folder
                         return rtrim($page, '/');
                 }
@@ -265 +267 @@
                 }
 
+                $page = str_replace('..', '', $page)); // prevents access outside the current folder
                 $page = $page . '.php';