mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 19:38:26 +00:00
Adding fix for security exploit (#1429) to /templates/skel/webroot/js/vendors.php
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@3507 3807eeeb-6ff5-0310-8944-8be069107fe0
parent
f12290e835
commit
78d38fe5eb
1 changed files with 9 additions and 2 deletions
|
@ -30,7 +30,14 @@
|
|||
/**
|
||||
* Enter description here...
|
||||
*/
|
||||
if (is_file('../../vendors/javascript/' . $_GET['file']) && (preg_match('/(.+)\\.js/', $_GET['file']))) {
|
||||
readfile('../../vendors/javascript/' . $_GET['file']);
|
||||
$file = $_GET['file'];
|
||||
$pos = strpos($file, '..');
|
||||
if ($pos === false) {
|
||||
if(is_file('../../vendors/javascript/'.$file) && (preg_match('/(\/.+)\\.js/', $file)))
|
||||
{
|
||||
readfile('../../vendors/javascript/'.$file);
|
||||
}
|
||||
} else {
|
||||
header('HTTP/1.1 404 Not Found');
|
||||
}
|
||||
?>
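Review bot: The extension check in the new inner `if` is still unanchored, so `preg_match('/(\/.+)\\.js/', $file)` accepts any path that merely contains `.js` after a slash (for example a name ending in `.js.php` or `.js.bak`), and `readfile()` would then serve non-JavaScript files from under `vendors/javascript/`. Anchoring the pattern to the end of the name closes that gap, e.g. `preg_match('/\\.js$/', $file)`. The `..` rejection only covers one form of bad input: `$_GET['file']` is read without checking that it is set and is a string, so a guard such as `if (!isset($_GET['file']) || !is_string($_GET['file'])) { header('HTTP/1.1 404 Not Found'); exit; }` before the `strpos()` call would be safer. A request that passes the `..` test but fails `is_file()` or the pattern falls through with an empty 200 response, because the 404 header is only sent in the outer `else`; the inner `if` should get the same `header('HTTP/1.1 404 Not Found');` branch. The leading `\/` newly required by the pattern also looks like it would reject a bare `name.js` value, which is worth confirming against how the rewrite rule passes `file`.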
|
||||
|
|