From: Janusz Dobrowolski
Date: Fri, 25 Apr 2014 22:57:39 +0000 (+0200)
Subject: Fixed directory traversal issues.
X-Git-Tag: 2.3-final~138
X-Git-Url: https://delta.frontaccounting.com/gitweb/?p=fa-stable.git;a=commitdiff_plain;h=a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50
Fixed directory traversal issues.
---
diff --git a/admin/inst_module.php b/admin/inst_module.php
index f92d2c56..77a16cbd 100644
--- a/admin/inst_module.php
+++ b/admin/inst_module.php
@@ -42,8 +42,8 @@ function local_extension($id)
 'active' => false
 );
- if (file_exists($path_to_root.'/modules/'.$id.'/hooks.php')) {
- include_once($path_to_root.'/modules/'.$id.'/hooks.php');
+ if (file_exists($path_to_root.'/modules/'.clean_file_name($id).'/hooks.php')) {
+ include_once($path_to_root.'/modules/'.clean_file_name($id).'/hooks.php');
 }
 $hooks_class = 'hooks_'.$id;
 if (class_exists($hooks_class, false)) {
diff --git a/includes/hooks.inc b/includes/hooks.inc
index ab2d2bdc..71717fc1 100644
--- a/includes/hooks.inc
+++ b/includes/hooks.inc
@@ -225,9 +225,10 @@ function install_hooks()
 $Hooks = array();
 // include current language related $Hooks object if locale file exists
- if (file_exists($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc"))
+ $lang_code = clean_file_name($_SESSION['language']->code);
+ if (file_exists($path_to_root . "/lang/" . $lang_code . "/locale.inc"))
 {
- include_once($path_to_root . "/lang/".$_SESSION['language']->code."/locale.inc");
+ include_once($path_to_root . "/lang/" . $lang_code . "/locale.inc");
 $code = $_SESSION['language']->code;
 $hook_class = 'hooks_'.$code;
 $Hooks[$code] = new $hook_class;
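Review bot: In admin/inst_module.php the include path is built from `clean_file_name($id)`, but the following context line still derives the class name from the raw value, `$hooks_class = 'hooks_'.$id;`. An id altered by the cleaner therefore loads one directory's hooks.php while a differently named class is looked up. Compute the cleaned name once, `$module = clean_file_name($id);`, reuse it in both `file_exists` and `include_once`, and treat `$module !== $id` as an invalid id rather than silently mapping it to another directory. `clean_file_name()` is not defined in this patch, so whether it strips `..` and both path separators cannot be confirmed from these lines and should be covered by a test. The body of local_extension starts and ends outside the hunk.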
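Review bot: In includes/hooks.inc, `$Hooks[$code] = new $hook_class;` still instantiates a class named from the unsanitised `$_SESSION['language']->code`, with no check that the included locale.inc defined it. The path now uses `$lang_code`, so file and class name can disagree, and a missing class becomes a fatal error. Suggest `$code = $lang_code;` followed by `if (class_exists($hook_class, false)) $Hooks[$code] = new $hook_class;`, which matches the `class_exists($hooks_class, false)` guard visible in admin/inst_module.php. A short comment such as `// the language code becomes part of an include path and a class name; keep both derived from the cleaned value` would record why. install_hooks continues past the end of the hunk.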