author: Marc Alexander <admin@m-a-styles.de> 2014-06-11 23:34:51 +0200
committer: Marc Alexander <admin@m-a-styles.de> 2014-06-11 23:34:51 +0200
commit: 204904441a373db335375e973f78b9e8b2741867
tree: 09e92502855405349c1f422ab8f0994ed5c4d7e3 /phpBB/viewonline.php
parent: 694f8391c9d3a948159ea2564e6bf4c606eb4053
[ticket/9801] Allow display of page outside board directory on viewonline

Until now, the preg_match didn't take into account that a page might be outside the board directory. After this change, the regular expression will allow preceding dots and slashes. Paths like ../../test.php will be allowed. The page will be unknown in viewonline.php and it will revert to index.php as current page. However, the core.viewonline_overwrite_location event will receive proper info of the page the user is on right now allowing a listener to change the info that is being displayed.

PHPBB3-9801

Diffstat (limited to 'phpBB/viewonline.php')
-rw-r--r-- phpBB/viewonline.php 2
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/viewonline.php b/phpBB/viewonline.php
index 43b5f7f001..69e63faa86 100644
--- a/phpBB/viewonline.php
+++ b/phpBB/viewonline.php
@@ -213,7 +213,7 @@ while ($row = $db->sql_fetchrow($result))
continue;
}
- preg_match('#^([a-z0-9/_-]+)#i', $row['session_page'], $on_page);
+ preg_match('#^([./\\]*+[a-z0-9/_-]+)#i', $row['session_page'], $on_page);
if (!sizeof($on_page))
{
$on_page[1] = '';
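
Review bot: The first character class in the new pattern does not close where it appears to. Inside a single-quoted PHP string `\\` is one backslash, so PCRE receives `[./\]*+[a-z0-9/_-]+`, where `\]` is a literal `]` and the class runs on to the final `]`. The result is a single class containing `.`, `/`, `]`, `*`, `+`, `[` and the original characters, repeated by the trailing `+`. That still matches `../../test`, but it also accepts dots anywhere, so a value such as `index.php` is now captured with its extension where the old pattern stopped at `index`, and `*`, `+`, `[` and `]` are let through as well. If a literal backslash is wanted in the class it needs `\\\\` in the PHP source; if only leading `../` segments are meant to be allowed, an explicit prefix such as `(?:\.\./)*` in front of the unchanged `[a-z0-9/_-]+` says that directly and keeps the rest of the match as strict as before. Since `$row['session_page']` now reaches `$on_page` with parent-directory segments intact, the comment above this line should also state that the captured value is for display and for listeners only, not for building filesystem paths.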