authorJoas Schilling <nickvergessen@gmx.de>2009-12-21 22:29:28 +0000
committerJoas Schilling <nickvergessen@gmx.de>2009-12-21 22:29:28 +0000
commit1261e21eac472d9b523f2db2b2efdca93b7510f7 (patch)
treedfa5498a35cd6e5ed93ceffc49cc2b3820390f0e /phpBB
parent64898803af78a1d73be34c1ea85608f7fd293444 (diff)
Bug #55665 - Restrict search for styles/../style.cfg to folders.
Authorised by: bantu git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10360 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/docs/CHANGELOG.html1
-rw-r--r--phpBB/includes/acp/acp_styles.php4
2 files changed, 5 insertions, 0 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 00754c5370..984123e0fd 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -121,6 +121,7 @@
<li>[Fix] Correctly get unread status information for global announcements in search results.</li>
<li>[Fix] Correctly handle global announcements in ATOM feeds.</li>
<li>[Fix] Use correct limit config parameter in the News feed.</li>
+ <li>[Fix] Restrict search for styles/../style.cfg to folders. (Bug #55665)</li>
<li>[Change] Move redirect into a hidden field to avoid issues with mod_security. (Bug #54145)</li>
<li>[Change] Log activation through inactive users ACP. (Bug #30145)</li>
<li>[Change] Send time of last item instead of current time in ATOM Feeds. (Bug #53305)</li>
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index fbf3eadcb2..faa16570c5 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -643,6 +643,10 @@ parse_css_file = {PARSE_CSS_FILE}
{
while (($file = readdir($dp)) !== false)
{
+ if (!is_dir($file))
+ {
+ continue;
+ }
$subpath = ($mode != 'style') ? "$mode/" : '';
if ($file[0] != '.' && file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
{
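Review bot: The added `is_dir($file)` check tests the bare entry name returned by `readdir()`, so PHP resolves it against the current working directory rather than the styles directory being scanned. Unless the script runs from inside that directory, real style folders are skipped before the `file_exists("{$phpbb_root_path}styles/$file/...")` test is reached, while an unrelated directory of the same name in the working directory would pass the check. The guard should use the same base path as the line below it: `if (!is_dir("{$phpbb_root_path}styles/$file"))`. The `opendir()` call and the rest of the loop body are outside the hunk, so the scanned path is inferred from the `file_exists` line.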