[pLog-svn] r6948 - plog/branches/lifetype-1.2/class/controller
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Wed Jan 6 14:47:32 EST 2010
Author: jondaley
Date: 2010-01-06 14:47:32 -0500 (Wed, 06 Jan 2010)
New Revision: 6948
Modified:
plog/branches/lifetype-1.2/class/controller/controller.class.php
Log:
better input checking. fixes path disclosure: #1619
Modified: plog/branches/lifetype-1.2/class/controller/controller.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/controller/controller.class.php 2010-01-06 19:40:13 UTC (rev 6947)
+++ plog/branches/lifetype-1.2/class/controller/controller.class.php 2010-01-06 19:47:32 UTC (rev 6948)
@@ -228,7 +228,7 @@
global $_plogController_actionMap;
$actionMap = $_plogController_actionMap;
- if (($actionName == '') || (!empty($actionMap) && !array_key_exists($actionName, $actionMap))) {
+ if(!$actionName || !is_string($actionName) || !array_key_exists($actionName, $actionMap)) {
$actionName = DEFAULT_ACTION_NAME;
}
More information about the pLog-svn
mailing list