| side by side (from parent 1:
fe984d1
)
Install/Update Languages: fixed directory traversal issue.
author
Janusz Dobrowolski
<janusz@frontaccounting.eu>
Mon, 13 Jul 2020 10:59:24 +0000
(12:59 +0200)
committer
Janusz Dobrowolski
<janusz@frontaccounting.eu>
Mon, 13 Jul 2020 10:59:24 +0000
(12:59 +0200)
admin/inst_lang.php
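--- a/admin/inst_lang.php
+++ b/admin/inst_lang.php
@@ -151,16 +151,16 @@ function handle_submit($id)
 $dflt_lang = $_POST['code'];
 }
-$installed_languages[$id]['code'] = $_POST['code'];
+$installed_languages[$id]['code'] = clean_file_name($_POST['code']);
 $installed_languages[$id]['name'] = $_POST['name'];
-$installed_languages[$id]['path'] = 'lang/' . $_POST['code'];
+$installed_languages[$id]['path'] = 'lang/' . clean_file_name(get_post('code'));
 $installed_languages[$id]['encoding'] = $_POST['encoding'];
 $installed_languages[$id]['rtl'] = (bool)$_POST['rtl'];
 $installed_languages[$id]['package'] = '';
 $installed_languages[$id]['version'] = '';
 if (!write_lang())
 return false;
-$directory = $path_to_root . "/lang/" . $_POST['code'];
+$directory = $path_to_root . "/lang/" . clean_file_name(get_post('code'));
 if (!file_exists($directory))
 {
 mkdir($directory);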
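Review bot: The context line `$dflt_lang = $_POST['code'];` at the top of the hunk still takes the raw request value, so the default-language setting can hold a string that differs from the sanitised `code` stored two lines below it. Sanitising once into a local and using that for `$dflt_lang`, `['code']`, `['path']` and `$directory` keeps all four values identical and removes the mix of `$_POST['code']` and `get_post('code')` across the three new calls. clean_file_name() is not shown on this page; if it can return an empty string, that result should be rejected before the `mkdir()` call, because `$directory` would then be the `lang/` root itself (to be confirmed against the helper). handle_submit() starts and ends outside the hunk, so the local has to be assigned above the visible lines.

```php
// at the top of handle_submit(), above the hunk
$code = clean_file_name(get_post('code'));
// … unchanged: opening of the `dflt` branch, outside the hunk …
$dflt_lang = $code;
// … unchanged: end of the `dflt` branch …
$installed_languages[$id]['code'] = $code;
// … unchanged: name …
$installed_languages[$id]['path'] = 'lang/' . $code;
// … unchanged: encoding, rtl, package, version, write_lang() check …
$directory = $path_to_root . "/lang/" . $code;
// … unchanged: directory creation …
```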