SECURITY: Fix Directory Traversal Vulerability.

mrubinsk · mrubinsk · commit 8844968890ac · 2020-03-08T17:33:11.000-04:00
diff --git a/lib/Block/Bookmarks.php b/lib/Block/Bookmarks.php
@@ -68,7 +68,7 @@ protected function _title()
      */
     protected function _content()
     {
-        $template = TREAN_TEMPLATES . '/block/' . $this->_params['template'] . '.inc';
+        $template = TREAN_TEMPLATES . '/block/' . basename($this->_params['template']) . '.inc';
 
         $sortby = 'title';
         $sortdir = 0;
diff --git a/lib/Block/Mostclicked.php b/lib/Block/Mostclicked.php
@@ -58,7 +58,7 @@ protected function _title()
      */
     protected function _content()
     {
-        $template = TREAN_TEMPLATES . '/block/' . $this->_params['template'] . '.inc';
+        $template = TREAN_TEMPLATES . '/block/' . basename($this->_params['template']) . '.inc';
 
         $html = '';
         $bookmarks = $GLOBALS['trean_gateway']->listBookmarks('clicks', 1, 0, $this->_params['rows']);

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ protected function _title()`
`68`	`68`	`*/`
`69`	`69`	`protected function _content()`
`70`	`70`	`{`
`71`		`- $template = TREAN_TEMPLATES . '/block/' . $this->_params['template'] . '.inc';`
	`71`	`+ $template = TREAN_TEMPLATES . '/block/' . basename($this->_params['template']) . '.inc';`
`72`	`72`
`73`	`73`	`$sortby = 'title';`
`74`	`74`	`$sortdir = 0;`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ protected function _title()`
`58`	`58`	`*/`
`59`	`59`	`protected function _content()`
`60`	`60`	`{`
`61`		`- $template = TREAN_TEMPLATES . '/block/' . $this->_params['template'] . '.inc';`
	`61`	`+ $template = TREAN_TEMPLATES . '/block/' . basename($this->_params['template']) . '.inc';`
`62`	`62`
`63`	`63`	`$html = '';`
`64`	`64`	`$bookmarks = $GLOBALS['trean_gateway']->listBookmarks('clicks', 1, 0, $this->_params['rows']);`