Adding fix for security exploit (#1429) to /templates/skel/webroot/js/vendors.php

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@3507 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
dho 2006-09-18 05:54:46 +00:00
parent f12290e835
commit 78d38fe5eb

View file

@ -30,7 +30,14 @@
/** /**
* Enter description here... * Enter description here...
*/ */
if (is_file('../../vendors/javascript/' . $_GET['file']) && (preg_match('/(.+)\\.js/', $_GET['file']))) { $file = $_GET['file'];
readfile('../../vendors/javascript/' . $_GET['file']); $pos = strpos($file, '..');
if ($pos === false) {
if(is_file('../../vendors/javascript/'.$file) && (preg_match('/(\/.+)\\.js/', $file)))
{
readfile('../../vendors/javascript/'.$file);
} }
} else {
header('HTTP/1.1 404 Not Found');
}
?> ?>