XSS / LFI Fox
freshface committed Feb 13, 2012
1 parent 93b41a6 commit a9986b8
Showing 1 changed file with 11 additions and 0 deletions.
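--- a/frontend/core/engine/javascript.php
+++ b/frontend/core/engine/javascript.php
@@ -194,6 +194,17 @@ private function setLanguage($value)
 */
 private function setModule($value)
 {
+$modules = (array) FrontendModel::getModules();
+
+if(!in_array((string) $value, $modules))
+{
+// when debug is on throw an exception
+if(SPOON_DEBUG) throw new FrontendException('Invalid file.');
+
+// when debug is of show a descent message
+else exit(SPOON_DEBUG_MESSAGE);
+}
+
 $this->module = (string) $value;
 }
 }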
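Review bot: The new allow-list check in setModule() calls `in_array((string) $value, $modules)` without the strict flag, so membership is decided by loose `==` comparison. What FrontendModel::getModules() returns is not visible here; if the list can ever hold a non-string entry (an integer, `true`, or the result of casting a scalar with `(array)`), type juggling could let a value through that is not an actual module name, which would weaken the check this commit adds. Passing the third argument closes that gap: `if(!in_array((string) $value, $modules, true))`. The exception text `'Invalid file.'` would also be clearer as `'Invalid module.'`, since the rejected value is a module name. The docblock of setModule() starts above the hunk.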
