projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 45f2157)
BUG FIX! - fixes error that could allow ANY file on the system to be read!
authormartin <martin>
Thu, 5 Sep 2002 11:53:17 +0000 (11:53 +0000)
committermartin <martin>
Thu, 5 Sep 2002 11:53:17 +0000 (11:53 +0000)
lib/weblib.php patch | blob | history

diff --git a/lib/weblib.php b/lib/weblib.php
index 1f259db3211ea3718ce5948c22e95f8833bd59e9..a77e40f0ffafb86d38bb4f8f514af1971ba22cdc 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -240,6 +240,10 @@ function get_slash_arguments($i=0) {
         return false;
     }
 
+    if (strpos($PATH_INFO, "..")) {  // check for funny business
+        return false;
+    }
+
     $args = explode("/", $PATH_INFO);
 
     if ($i) {     // return just the required argument
Unnamed repository; edit this file to name it for gitweb.