Adding fix for security exploit (#1429) to /templates/skel/webroot/js/vendors.php

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@3507 3807eeeb-6ff5-0310-8944-8be069107fe0
dho 2006-09-18 05:54:46 +00:00
parent f12290e835
commit 78d38fe5eb


@ -30,7 +30,14 @@
/** /**
* Enter description here... * Enter description here...
*/ */
if (is_file('../../vendors/javascript/' . $_GET['file']) && (preg_match('/(.+)\\.js/', $_GET['file']))) { $file = $_GET['file'];
readfile('../../vendors/javascript/' . $_GET['file']); $pos = strpos($file, '..');
if ($pos === false) {
if(is_file('../../vendors/javascript/'.$file) && (preg_match('/(\/.+)\\.js/', $file)))
{
readfile('../../vendors/javascript/'.$file);
}
} else {
header('HTTP/1.1 404 Not Found');
} }
?> ?>
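Review bot: The extension check `preg_match('/(\/.+)\\.js/', $file)` is unanchored, so it accepts any name that merely contains `.js` after a slash (a `.js.bak` or `.json` file under vendors/javascript would pass), which leaves the `strpos($file, '..')` test as the only thing confining the path. Anchor the pattern and restrict the character set, e.g. `preg_match('/^[\w\/.-]+\.js\z/', $file)`, and consider checking that `realpath()` of the joined path still starts with the resolved vendors/javascript directory before calling `readfile()`. `$_GET['file']` is also read without an `isset()`/`is_string()` guard, and the 404 header is sent only on the `..` branch, so a missing or non-matching file returns an empty 200 response. The new pattern additionally requires a `/` before the name, which looks like it would reject a bare `file=name.js`; confirm this against how callers build the URL.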