[pLog-svn] r6948 - plog/branches/lifetype-1.2/class/controller

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Wed Jan 6 14:47:32 EST 2010


Author: jondaley
Date: 2010-01-06 14:47:32 -0500 (Wed, 06 Jan 2010)
New Revision: 6948

Modified:
   plog/branches/lifetype-1.2/class/controller/controller.class.php
Log:
better input checking.  fixes path disclosure: #1619

Modified: plog/branches/lifetype-1.2/class/controller/controller.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/controller/controller.class.php	2010-01-06 19:40:13 UTC (rev 6947)
+++ plog/branches/lifetype-1.2/class/controller/controller.class.php	2010-01-06 19:47:32 UTC (rev 6948)
@@ -228,7 +228,7 @@
             global $_plogController_actionMap;
             $actionMap = $_plogController_actionMap;
 
-            if (($actionName == '') || (!empty($actionMap) && !array_key_exists($actionName, $actionMap))) {
+            if(!$actionName || !is_string($actionName) || !array_key_exists($actionName, $actionMap)) {
                 $actionName = DEFAULT_ACTION_NAME;
             }
 
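Review bot: On the `+` line, `array_key_exists($actionName, $actionMap)` now runs without the `!empty($actionMap)` guard that the old condition had. If the global `$_plogController_actionMap` has not been populated or is not an array at this point, that call itself raises a PHP warning, which is the same kind of path-revealing output this commit is meant to close. Consider adding `!is_array($actionMap) ||` ahead of the `array_key_exists()` test so that case also falls through to `DEFAULT_ACTION_NAME`. Two smaller points: an empty map previously let any action name through and now forces the default, which is worth stating in the log message if intended; and `!$actionName` also rejects the string "0", where the old `$actionName == ''` comparison did not.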


