print_header();
- if (ereg("\\.\\.", $file)) {
- error("Filenames can not contain \"..\"");
+ if (detect_munged_arguments("$module/$file")) {
+ error("Filenames contain illegal characters!");
}
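Review bot: The check on `"$module/$file"` is a denylist of three patterns, yet the same values go on to form `$filepath` for the `require_once` a few lines below, so any input the helper does not list still reaches the include. An allowlist in front of it is a stronger guard, for example `if (!preg_match('/^[A-Za-z0-9_\/.-]+$/', "$module/$file") || detect_munged_arguments("$module/$file")) {`, ideally followed by a check that the resolved path stays under the lang directory. This assumes `$module` and `$file` come from the request and that `error()` stops execution, neither of which is visible in this hunk. If `error()` returns, the include below still runs.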
if ($file) {
if (file_exists("$filepath")) {
require_once("$filepath"); // Chosen language
- } else { // Fall back to English
+ } else { // Fall back to English
if ($module == "moodle") {
$filepath = "$CFG->dirroot/lang/en/help/$file";
} else {
}
}
} else {
- echo "<P>";
+ echo "<p>";
echo $text;
- echo "</P>";
+ echo "</p>";
}
close_window_button();
?>
-</BODY>
-</HTML>
+</body>
+</html>
$address));
}
+function detect_munged_arguments($string) {
+ if (ereg("\.\.", $string)) { // check for parent URLs
+ return true;
+ }
+ if (ereg("\|", $string)) { // check for pipes
+ return true;
+ }
+ if (ereg("\'", $string)) { // check for backquotes
+ return true;
+ }
+ return false;
+}
+
function get_slash_arguments($file="file.php") {
/// Searches the current environment variables for some slash arguments
/// Extracts arguments from "/foo/bar/something"
/// eg http://mysite.com/script.php/foo/bar/something
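Review bot: The third test in `detect_munged_arguments()` is commented `// check for backquotes`, but the pattern `"\'"` matches an apostrophe, so a backquote is no longer rejected. The ``strpos($string, "`")`` test that this helper replaces in `get_slash_arguments()` did look for one. Changing the line to ``if (ereg("`", $string)) { // check for backquotes`` restores the intended filter, and both callers in this commit (the help-file check and `get_slash_arguments()`) pick it up. A short comment above the function saying it returns true when the string contains `..`, `|` or a backquote would also help, since callers rely on that exact list.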
- if (strpos($string, "..")) { // check for parent URLs
- return false;
- }
- if (strpos($string, "|")) { // check for pipes
+ if (detect_munged_arguments($string)) {
return false;
}
- if (strpos($string, "`")) { // check for backquotes
- return false;
- }
-
$args = explode("/", $string);
if ($i) { // return just the required argument