disallow "." files like .htaccess.

author garvinhicking <garvinhicking>

Mon, 9 May 2005 08:10:25 +0000 (08:10 +0000)

committer garvinhicking <garvinhicking>

Mon, 9 May 2005 08:10:25 +0000 (08:10 +0000)
author garvinhicking <garvinhicking>
Mon, 9 May 2005 08:10:25 +0000 (08:10 +0000)
committer garvinhicking <garvinhicking>
Mon, 9 May 2005 08:10:25 +0000 (08:10 +0000)
diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php

index 4d1e958d46c99e23e7d18b30303aa7196047ade0..fdedb81de1d84e78dac34adccfd8969a95377daf 100644 (file)
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -125,7 +125,7 @@ switch ($serendipity['GET']['adminAction']) {
              $tindex  = 1;
          }
  
-        if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)) {
+        if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && (preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile) || preg_match('@^\.@', $tfile)) {
              printf(ERROR_FILE_FORBIDDEN, $tfile);
              break;
          }
author	garvinhicking <garvinhicking>
	Mon, 9 May 2005 08:10:25 +0000 (08:10 +0000)
committer	garvinhicking <garvinhicking>
	Mon, 9 May 2005 08:10:25 +0000 (08:10 +0000)