]> gitweb.fluxo.info Git - lorea/elgg.git/commitdiff
projects / lorea / elgg.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dfef09f)
Fixed a security issues when simple cache is off.
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Tue, 4 Aug 2009 17:46:28 +0000 (17:46 +0000)
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Tue, 4 Aug 2009 17:46:28 +0000 (17:46 +0000)
git-svn-id: https://code.elgg.org/elgg/trunk@3420 36083f99-b078-4883-b0ff-0f9b5a30f544

engine/lib/elgglib.php patch | blob | history

diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 067eaec7198a7d4a683b3d56cfdfe56d7665ce00..d04efff99fbb87768dfc1e655f897a9b7df3d938 100644 (file)
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -172,6 +172,11 @@
 
                    global $CONFIG;
                    static $usercache;
+
+                   // basic checking for bad paths
+                   if (strpos($view, '..') !== false) {
+                       return false;
+                    }
                    
                    $view_orig = $view;
                    
@@ -2306,4 +2311,4 @@
        register_elgg_event_handler('init','system','elgg_init');
        register_elgg_event_handler('boot','system','elgg_boot',1000);
        
-?>
\ No newline at end of file
+?>
Social Networking Engine