diff options
| author | Oleg Pudeyev <oleg@bsdpower.com> | 2011-03-10 05:22:37 -0500 |
|---|---|---|
| committer | Oleg Pudeyev <oleg@bsdpower.com> | 2011-03-10 05:22:37 -0500 |
| commit | aa8f4000d30a3f89cb876eb14e3b7522c68f90f0 (patch) | |
| tree | d4eb9965192f4c3a2658117524308044a5c5c357 | |
| parent | c78637da1abbad30b9000c2f8dbf6b513357c4ca (diff) | |
| parent | 9a9b156a8ed5a8c0ad71d51c10ae7a32b24359f4 (diff) | |
| download | forums-aa8f4000d30a3f89cb876eb14e3b7522c68f90f0.tar forums-aa8f4000d30a3f89cb876eb14e3b7522c68f90f0.tar.gz forums-aa8f4000d30a3f89cb876eb14e3b7522c68f90f0.tar.bz2 forums-aa8f4000d30a3f89cb876eb14e3b7522c68f90f0.tar.xz forums-aa8f4000d30a3f89cb876eb14e3b7522c68f90f0.zip | |
Merge branch 'ticket/rxu/10035' into develop-olympus
* ticket/rxu/10035:
[ticket/10035] ACP template edit feature allows to read any files on webserver.
| -rw-r--r-- | phpBB/includes/acp/acp_styles.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 0f157ceff3..37cf8d1f72 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -716,7 +716,7 @@ parse_css_file = {PARSE_CSS_FILE} $save_changes = (isset($_POST['save'])) ? true : false; // make sure template_file path doesn't go upwards - $template_file = str_replace('..', '.', $template_file); + $template_file = preg_replace('#\.{2,}#', '.', $template_file); // Retrieve some information about the template $sql = 'SELECT template_storedb, template_path, template_name |