]> gitweb.fluxo.info Git - lorea/elgg.git/commitdiff
Fixed a security issues when simple cache is off.
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Tue, 4 Aug 2009 17:46:28 +0000 (17:46 +0000)
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Tue, 4 Aug 2009 17:46:28 +0000 (17:46 +0000)
git-svn-id: https://code.elgg.org/elgg/trunk@3420 36083f99-b078-4883-b0ff-0f9b5a30f544

engine/lib/elgglib.php

index 067eaec7198a7d4a683b3d56cfdfe56d7665ce00..d04efff99fbb87768dfc1e655f897a9b7df3d938 100644 (file)
 
                    global $CONFIG;
                    static $usercache;
+
+                   // basic checking for bad paths
+                   if (strpos($view, '..') !== false) {
+                       return false;
+                    }
                    
                    $view_orig = $view;
                    
        register_elgg_event_handler('init','system','elgg_init');
        register_elgg_event_handler('boot','system','elgg_boot',1000);
        
-?>
\ No newline at end of file
+?>