Skip to content
Browse files

BUG FIX! - fixes error that could allow ANY file on the system to be …

…read!
  • Loading branch information...
1 parent 45f2157 commit e2d89725535a3795543e08a8e6205128ab51a7ae martin committed Sep 5, 2002
Showing with 4 additions and 0 deletions.
  1. +4 −0 lib/weblib.php
View
4 lib/weblib.php
@@ -240,6 +240,10 @@ function get_slash_arguments($i=0) {
return false;
}
+ if (strpos($PATH_INFO, "..")) { // check for funny business
+ return false;
+ }
+
$args = explode("/", $PATH_INFO);
if ($i) { // return just the required argument

0 comments on commit e2d8972

Please sign in to comment.
Something went wrong with that request. Please try again.