diff options
| author | rxu <rxu@mail.ru> | 2011-03-07 21:22:33 +0700 |
|---|---|---|
| committer | rxu <rxu@mail.ru> | 2011-03-07 21:22:33 +0700 |
| commit | 9a9b156a8ed5a8c0ad71d51c10ae7a32b24359f4 (patch) | |
| tree | e01d7fa07c04d36eecc262a1d6d1c868c0d4dcf1 /phpBB | |
| parent | f08cbc73de208dab29737ab53db3af8a6a2d97fc (diff) | |
| download | forums-9a9b156a8ed5a8c0ad71d51c10ae7a32b24359f4.tar forums-9a9b156a8ed5a8c0ad71d51c10ae7a32b24359f4.tar.gz forums-9a9b156a8ed5a8c0ad71d51c10ae7a32b24359f4.tar.bz2 forums-9a9b156a8ed5a8c0ad71d51c10ae7a32b24359f4.tar.xz forums-9a9b156a8ed5a8c0ad71d51c10ae7a32b24359f4.zip | |
[ticket/10035] ACP template edit feature allows to read any files on webserver.
... and to upload/execute any script on it. Use preg_replace to filter filename
PHPBB3-10035
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/includes/acp/acp_styles.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 0f157ceff3..37cf8d1f72 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -716,7 +716,7 @@ parse_css_file = {PARSE_CSS_FILE} $save_changes = (isset($_POST['save'])) ? true : false; // make sure template_file path doesn't go upwards - $template_file = str_replace('..', '.', $template_file); + $template_file = preg_replace('#\.{2,}#', '.', $template_file); // Retrieve some information about the template $sql = 'SELECT template_storedb, template_path, template_name |