From: <ji...@us...> - 2006-02-09 04:37:25
Update of /cvsroot/phpicalendar/phpicalendar/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv6563/phpicalendar/functions
Modified Files:
template.php
Log Message:
Sanitize file in parse function
Index: template.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/template.php,v
retrieving revision 1.80
retrieving revision 1.81
diff -C2 -d -r1.80 -r1.81
*** template.php 8 Feb 2006 08:07:54 -0000 1.80
--- template.php 9 Feb 2006 04:37:12 -0000 1.81
***************
*** 1035,1043 ****
--- 1035,1049 ----
  function parse($file) {
+ global $template;
  ob_start();
+ $file = str_replace("..","",$file);
+ if (strpos($file, "$template") > 0 || $file =='./functions/event.js'){
  include($file);
  $buffer = ob_get_contents();
  ob_end_clean();
  return $buffer;
+ }else{
+ die('breakin attempt');
+ }
  }
|
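Review bot: The allow-list test added to parse() is a substring match rather than a directory-containment check: `strpos($file, "$template") > 0` accepts any path in which the template name occurs anywhere after the first byte and rejects one where it occurs at offset 0, so the `..` stripping on the preceding line is carrying most of the protection and the included path is never canonicalised. A more robust form resolves the path first and compares it against the allowed base, e.g. `$real = realpath($file); if ($real === false || strpos($real, realpath(TEMPLATE_DIR_PLACEHOLDER) . '/') !== 0) { die(...); }`, where `TEMPLATE_DIR_PLACEHOLDER` stands for the templates directory this file uses (not visible in the hunk); `realpath()` also returns false for non-filesystem paths, which the string checks do not cover. The check is only as trustworthy as the new `global $template`, so if that value can be influenced by the request (its origin is not visible here) it should be validated against the configured template list before use. `die('breakin attempt')` would be better replaced by a logged, generic error so the response does not reveal which input tripped the filter. The hunk appears to cover the whole of parse(), but the context diff has dropped at least two lines, so the function's exact bounds cannot be confirmed from here.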