Disallow dots being passed to lang (path disclosure)

moodle · Aug 18, 2004 · 80035a8 · 80035a8
1 parent 5e98103
commit 80035a8
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/lib/setup.php b/lib/setup.php
@@ -235,7 +235,7 @@ class object {};
 /// majority of cases), use the stored locale specified by admin.
 
     if (isset($_GET['lang'])) {
-        if (!detect_munged_arguments($lang) and file_exists("$CFG->dirroot/lang/$lang")) {
+        if (!detect_munged_arguments($lang, 0) and file_exists("$CFG->dirroot/lang/$lang")) {
             $SESSION->lang = $lang;
             $SESSION->encoding = get_string('thischarset');
         }

diff --git a/lib/weblib.php b/lib/weblib.php
@@ -524,8 +524,8 @@ function validate_email ($address) {
                   $address));
 }
 
-function detect_munged_arguments($string) {
-    if (substr_count($string, '..') > 1) {   // We allow one '..' in a URL
+function detect_munged_arguments($string, $allowdots=1) {
+    if (substr_count($string, '..') > $allowdots) {   // Sometimes we allow dots in references
         return true;
     }
     if (ereg('[\|\`]', $string)) {  // check for other bad characters