[0000281] Filename saitization added
diff --git
a/includes/main.inc
b/includes/main.inc
index ee7564785f0d8d020ad50668938d9279799a22c5..3d94aeb6900d1a85583ece6eef587f33015c96b9 100644
--- a/
includes/main.inc
+++ b/
includes/main.inc
@@
-270,11
+270,12
@@
function check_write($path)
function copy_files($flist, $from, $to, $strict=false)
{
foreach ($flist as $file) {
function copy_files($flist, $from, $to, $strict=false)
{
foreach ($flist as $file) {
- if (file_exists($from.'/'.$file))
+ if (file_exists($from.'/'.$file))
{
if (!copy_file($file, $from, $to))
return false;
if (!copy_file($file, $from, $to))
return false;
- if ($strict && !is_file($from.'/'.$file)) // if
+ } else if ($strict) {
unlink($to.'/'.$file);
unlink($to.'/'.$file);
+ }
}
return true;
}
}
return true;
}
@@
-326,11
+327,11
@@
function find_custom_file($rep)
$extensions = $installed_extensions;
foreach ($extensions as $ext)
if (($ext['active'] && $ext['type'] == 'extension')) {
$extensions = $installed_extensions;
foreach ($extensions as $ext)
if (($ext['active'] && $ext['type'] == 'extension')) {
- $local_path_to_root =
$path = $path_to_root.'/'.$ext['path'];
$file = $path.$rep;
if (file_exists($file)) {
set_include_path($path.PATH_SEPARATOR.get_include_path());
$path = $path_to_root.'/'.$ext['path'];
$file = $path.$rep;
if (file_exists($file)) {
set_include_path($path.PATH_SEPARATOR.get_include_path());
+ $local_path_to_root = $path;
return $file;
}
}
return $file;
}
}
@@
-342,5
+343,13
@@
function find_custom_file($rep)
return null;
}
return null;
}
+/*
+
+ Protect against directory traversal.
+ Changes all not POSIX compatible chars to underscore.
+*/
+function clean_file_name($filename) {
+ return preg_replace('/[^a-zA-Z0-9.\-_]/', '_', $filename);
+}
?>
\ No newline at end of file
?>
\ No newline at end of file
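Review bot: `clean_file_name()` in the last hunk keeps `.` in the allowed set, so an input of exactly `..` or `.` comes back unchanged, as do dot-files such as `.htaccess`, and an empty string stays empty. Path separators are replaced, which covers multi-segment traversal, but joined onto a directory those whole-name cases still resolve to the parent or to the directory itself. A guard such as `$name = ltrim(preg_replace('/[^a-zA-Z0-9.\-_]/', '_', $filename), '.');` followed by `return $name === '' ? '_' : $name;` would close them. The header comment should also say that the function sanitises a single path component and does not restrict the extension; no callers are visible in this diff, so any that store uploaded files presumably still need their own type check.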