Update of /cvsroot/php-blog/serendipity/include/admin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv28603
Modified Files:
Tag: branch-smarty
import.inc.php
Log Message:
- Secure the loading of the import module
Index: import.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/include/admin/Attic/import.inc.php,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -d -r1.1.2.1 -r1.1.2.2
--- import.inc.php 15 Nov 2004 21:06:49 -0000 1.1.2.1
+++ import.inc.php 15 Nov 2004 21:11:41 -0000 1.1.2.2
@@ -14,11 +14,8 @@
if ( isset($serendipity['GET']['importFrom']) ) {
- /* Include the importer
-
- HIGH PRIORITY TODO: Must validate $serendipity['GET']['importFrom']
- */
- $class = @require_once(S9Y_INCLUDE_PATH . 'include/admin/importers/'. $serendipity['GET']['importFrom'] .'.inc.php');
+ /* Include the importer */
+ $class = @require_once(S9Y_INCLUDE_PATH . 'include/admin/importers/'. basename($serendipity['GET']['importFrom']) .'.inc.php');
if ( !class_exists($class) ) {
die('FAILURE: Unable to require import module, possible syntax error?');
}
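Review bot: basename() on the new require_once line strips directory components, but the request value still selects which file under include/admin/importers/ is executed, with no check on its characters or on whether it names a known importer. I would validate it before building the path, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $serendipity['GET']['importFrom'])) { die('FAILURE: Invalid import module'); }`, or compare it against the importer files actually present in that directory. The `@` on require_once also hides the warning that would be worth logging when an unexpected module name is requested. A failed require is fatal regardless, so the die() below is likely reached only when the included file does not return a class name. The enclosing `if` block continues outside the hunk.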