Changeset 2279 for branches

Timestamp:

12/04/10 00:06:43 (18 months ago)

Author:

nick_ramsay

Message:

[1.4.2] Double-dot fix in PageHandling.

Files:

• branches/1.4/libs/PageHandling.php (modified) (2 diffs)

branches/1.4/libs/PageHandling.php

@@ -168 +168 @@
                 
                 if ($page) {
+                        $page = str_replace('..', '', $page); // prevents access outside the current folder
                         $page = rtrim($page, '/');
                         return $page;
@@ -254 +255 @@
                 } 
                 
+                $page = str_replace('..', '', $page); // prevents access outside the current folder
                 $page = $page . '.php';