Update of /cvsroot/phpicalendar/phpicalendar/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5429/phpicalendar/functions
Modified Files:
template.php
Log Message:
fix path bug introduced by security patch in 2.21 release
Index: template.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/functions/template.php,v
retrieving revision 1.81
retrieving revision 1.82
diff -C2 -d -r1.81 -r1.82
*** template.php 9 Feb 2006 04:37:12 -0000 1.81
--- template.php 15 Feb 2006 08:32:05 -0000 1.82
***************
*** 1037,1046 ****
global $template;
ob_start();
! $file = str_replace("..","",$file);
! if (strpos($file, "$template") > 0 || $file =='./functions/event.js'){
! include($file);
! $buffer = ob_get_contents();
! ob_end_clean();
! return $buffer;
}else{
die('breakin attempt');
--- 1037,1045 ----
global $template;
ob_start();
! if (strpos($file, "$template") > 0 || $file =='./functions/event.js'){
! include($file);
! $buffer = ob_get_contents();
! ob_end_clean();
! return $buffer;
}else{
die('breakin attempt');
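Review bot: With the `str_replace("..","",$file)` line removed, the only guard left in front of `include($file)` is the substring test `strpos($file, "$template") > 0`, which accepts any path that contains the template name after its first character, parent-directory segments included. The removed filter was not a sound defence either, being a single non-recursive replace, so rather than restoring it I would canonicalise the path and compare it with the allowed directory: `$real = realpath($file);` then `if ($real !== false && strpos($real, $allowed_base) === 0)` and `include($real);`. Here `$allowed_base` is a placeholder for the canonical templates directory with a trailing separator, which this hunk does not show. The enclosing function starts and ends outside the hunk, so whether `$file` can be influenced by a request parameter should be confirmed at its callers.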