
XSS / LFI Fox

commit a9986b86c53de0582248b39605660fbba0c21a29 1 parent 93b41a6
@freshface freshface authored
Showing with 11 additions and 0 deletions.
  1. +11 −0 frontend/core/engine/javascript.php
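--- a/frontend/core/engine/javascript.php
+++ b/frontend/core/engine/javascript.php
@@ -194,6 +194,17 @@ private function setLanguage($value)
 */
 private function setModule($value)
 {
+$modules = (array) FrontendModel::getModules();
+
+if(!in_array((string) $value, $modules))
+{
+// when debug is on throw an exception
+if(SPOON_DEBUG) throw new FrontendException('Invalid file.');
+
+// when debug is of show a descent message
+else exit(SPOON_DEBUG_MESSAGE);
+}
+
 $this->module = (string) $value;
 }
 }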
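Review bot: The membership test added to setModule, `in_array((string) $value, $modules)`, compares loosely, which is weaker than it should be for an allowlist guarding a value the commit title associates with XSS/LFI. Pass the strict flag: `if(!in_array((string) $value, $modules, true))`. The `(array)` cast makes this matter more: if `FrontendModel::getModules()` ever returns a non-array such as `true` or `0`, the cast yields a one-element array that a loose comparison can match against arbitrary strings; its return shape is not visible here, so this is worth confirming. The hunk header shows `setLanguage` directly above, but its body is outside the hunk, so whether it validates its value against a known list in the same way cannot be checked from this page.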