Skip to content

Commit

Permalink
Fixed FPD Exploit in ajax.php reported here: http://code.google.com/p…
Browse files Browse the repository at this point in the history 
…/thehostingtool/issues/detail?id=1
  • Loading branch information
@kmark
kmark committed May 23, 2010
1 parent 455f861 commit e54e28d
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions includes/ajax.php
View file
Expand Up @@ -1094,8 +1094,10 @@ function deleteTicket() {
}
if(isset($_GET['function']) and $_GET['function'] != "") {
$ajax = new AJAX;
$ajax->{$_GET['function']}();
include(LINK."output.php");
if(method_exists($ajax, $_GET['function'])) {
$ajax->{$_GET['function']}();
include(LINK."output.php");
}
}

?>

0 comments on commit e54e28d

Please sign in to comment.