git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@3506 3807eeeb-6ff5-0310-8944-8be069107fe0

2024-11-15 03:18:26 +00:00 · 2006-09-17 16:30:47 +00:00 · 2006-09-17 16:30:47 +00:00 · f12290e835
commit f12290e835
parent ead9f329e9
1 changed files with 9 additions and 2 deletions
--- a/app/webroot/js/vendors.php
+++ b/app/webroot/js/vendors.php
@ -30,7 +30,14 @@
 /**
 * Enter description here...
 */
-	if (is_file('../../vendors/javascript/' . $_GET['file']) && (preg_match('/(.+)\\.js/', $_GET['file']))) {
-		 readfile('../../vendors/javascript/' . $_GET['file']);
+$file = $_GET['file'];
+$pos = strpos($file, '..');
+if ($pos === false) {
+	if(is_file('../../vendors/javascript/'.$file) && (preg_match('/(\/.+)\\.js/', $file)))
+	{
+		readfile('../../vendors/javascript/'.$file);
 	}
+} else {
+	header('HTTP/1.1 404 Not Found');
+}
 ?>