Update of /cvsroot/phpicalendar/phpicalendar/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv6563/phpicalendar/functions
Modified Files:
template.php
Log Message:
Sanitize file in parse function
Index: template.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/template.php,v
retrieving revision 1.80
retrieving revision 1.81
diff -C2 -d -r1.80 -r1.81
*** template.php 8 Feb 2006 08:07:54 -0000 1.80
--- template.php 9 Feb 2006 04:37:12 -0000 1.81
***************
*** 1035,1043 ****
--- 1035,1049 ----
function parse($file) {
+ global $template;
ob_start();
+ $file = str_replace("..","",$file);
+ if (strpos($file, "$template") > 0 || $file =='./functions/event.js'){
include($file);
$buffer = ob_get_contents();
ob_end_clean();
return $buffer;
+ }else{
+ die('breakin attempt');
+ }
}
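Review bot: The `str_replace("..","",$file)` on the second added line strips a substring rather than canonicalising the path, and `strpos($file, "$template") > 0` only requires the template name to occur somewhere after the first character (position 0 is rejected, which looks unintended), so neither check establishes that `$file` resolves inside the template directory before `include($file)` runs. Resolve the candidate with `realpath()` and accept it only when it equals the single allowed `./functions/event.js` or lies under the resolved template root; the template root is not visible in this hunk, so the fence uses a labelled placeholder. `$template` is a global whose origin is not shown either; if it comes from request input it needs the same resolution-and-prefix treatment rather than string interpolation into the check. The `die('breakin attempt')` branch also runs with the buffer from `ob_start()` still open, so the rejection path should either call `ob_end_clean()` first or, as in the fence, start buffering only after the path has been accepted.
```php
function parse($file) {
    global $template;
    // Canonicalise before deciding: a textual ".." strip is not path resolution.
    $templateRoot = realpath(TEMPLATE_ROOT_PLACEHOLDER . '/' . $template); // PLACEHOLDER: template directory not visible in this hunk
    $real = realpath($file);
    $allowed = $real !== false && (
        $real === realpath('./functions/event.js')
        || ($templateRoot !== false && strpos($real, $templateRoot . DIRECTORY_SEPARATOR) === 0)
    );
    if (!$allowed) {
        die('breakin attempt');
    }
    ob_start();
    include($real);
    // … unchanged: buffer capture, ob_end_clean() and return …
```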