[pLog-svn] r4828 - plugins/branches/lifetype-1.2/templateeditor/class/action
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Thu Feb 22 15:43:06 EST 2007
Author: oscar
Date: 2007-02-22 15:43:06 -0500 (Thu, 22 Feb 2007)
New Revision: 4828
Modified:
plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogdeletetemplatefilesaction.class.php
plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitedeletetemplatefilesaction.class.php
Log:
This is just ridiculous.
Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogdeletetemplatefilesaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogdeletetemplatefilesaction.class.php 2007-02-22 20:41:33 UTC (rev 4827)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogdeletetemplatefilesaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
@@ -73,6 +73,11 @@
if ( !empty($this->_subFolderId) ) $templateFolder = $templateFolder . $this->_subFolderId . "/";
foreach( $this->_fileIds as $fileId ) {
+
+ // sanitize parameters
+ $fileId = str_replace( "/", "", $fileId );
+ $fileId = str_replace( "..", "", $fileId );
+
$filename = $templateFolder . $fileId;
// if it's not the default, then try to really remove it from disk
if( !File::delete( $filename ))
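Review bot: The two added str_replace calls strip rather than validate, and since the result is used unconditionally on `$filename = $templateFolder . $fileId;`, an id that collapses to nothing — `/`, `..`, or `...` (which becomes `.`) — turns `$filename` into the template folder itself and passes it to `File::delete`; whether that can remove a directory depends on File::delete, which is not visible here. A backslash is also left in place, which matters on Windows hosts where it is a separator. I would reject instead of mangle, e.g. replace the two str_replace lines with `// only a plain file name inside $templateFolder may be deleted` and `if ( $fileId === '' || $fileId === '.' || $fileId === '..' || basename( $fileId ) !== $fileId ) continue;`. `$this->_subFolderId` is appended to the folder on the first context line with no check in this hunk; if it is not validated elsewhere it needs the same treatment. The enclosing method starts and ends outside the hunk.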
Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitedeletetemplatefilesaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitedeletetemplatefilesaction.class.php 2007-02-22 20:41:33 UTC (rev 4827)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitedeletetemplatefilesaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
@@ -70,6 +70,11 @@
if ( !empty($this->_subFolderId) ) $templateFolder = $templateFolder . $this->_subFolderId . "/";
foreach( $this->_fileIds as $fileId ) {
+
+ // sanitize parameters
+ $fileId = str_replace( "/", "", $fileId );
+ $fileId = str_replace( "..", "", $fileId );
+
$filename = $templateFolder . $fileId;
// if it's not the default, then try to really remove it from disk
if( !File::delete( $filename ))
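Review bot: An empty string still reaches `$filename = $templateFolder . $fileId;` after the added sanitizing, because an id such as `/` or `..` is reduced to `""` (and `...` to `.`), so the delete is then attempted on the template folder path itself rather than being skipped. The blacklist also does not cover `\`, so on a Windows host the separator survives. A whitelist check that skips the entry is safer than rewriting it: `if ( $fileId === '' || $fileId === '.' || $fileId === '..' || basename( $fileId ) !== $fileId ) continue;` with the comment `// reject anything that is not a bare file name instead of repairing it`. This block is byte-identical to the one added to the blog action in the same commit, so it belongs in one shared helper (e.g. on File) so the two delete paths cannot drift apart. The foreach sits in a method whose start and end are outside the hunk.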