
Commit 92012b9

committed
Fix ACP Settings management RCE
1 parent 89ba6fd commit 92012b9


1 file changed

+4
-4
lines changed


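--- a/admin/modules/config/settings.php
+++ b/admin/modules/config/settings.php
@@ -293,8 +293,8 @@
 }
 
 // do some type filtering
-$mybb->input['type'] = str_replace("\n", "", $mybb->input['type']);
-if(strtolower(substr($mybb->input['type'], 0, 3)) == "php")
+$mybb->input['type'] = $mybb->get_input('type');
+if(!ctype_alnum($mybb->input['type']) || strtolower($mybb->input['type']) == "php")
 {
 $mybb->input['type'] = "";
 }
@@ -496,8 +496,8 @@
 }
 
 // do some type filtering
-$mybb->input['type'] = str_replace("\n", "", $mybb->input['type']);
-if(strtolower(substr($mybb->input['type'], 0, 3)) == "php")
+$mybb->input['type'] = $mybb->get_input('type');
+if(!ctype_alnum($mybb->input['type']) || strtolower($mybb->input['type']) == "php")
 {
 $mybb->input['type'] = "";
 }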
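Review bot: The rewritten check at new line 297 (and its identical copy at new line 500) still rejects only the literal `php` type and lets any other alphanumeric string through, so it remains a denylist of one value. Since this filter is what stands between an admin-supplied setting type and the code execution named in the commit title, an allowlist is the safer shape, e.g. `if(!in_array($mybb->input['type'], $allowed_types, true))`, where `$allowed_types` is a placeholder for the setting types the form actually offers. The same two lines are duplicated in both hunks; moving them into one helper would keep the two code paths from drifting apart, and `===` would be the better comparison in either form. The code that later consumes `type` lies outside both hunks, so whether other values are treated specially there cannot be judged from this page.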
