Update of /cvsroot/phpwiki/phpwiki/lib
In directory usw-pr-cvs1:/tmp/cvs-serv4467/lib
Modified Files:
display.php
Log Message:
Minor security bug fix.
The URL 'index.php?zip=all' should not get you to the wiki page
named 'zip=all'.
Index: display.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/display.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -r1.5 -r1.6
*** display.php 2000/12/30 21:09:13 1.5
--- display.php 2001/02/07 21:11:46 1.6
***************
*** 7,12 ****
// if it wasn't this file would not have been included
! if (!empty($argv[0])) {
! $pagename = rawurldecode($argv[0]);
} else {
$pagename = gettext("FrontPage");
--- 7,15 ----
// if it wasn't this file would not have been included
! if (empty($QUERY_STRING) && isset($argv[0]))
! $QUERY_STRING = $argv[0];
!
! if (isset($QUERY_STRING) && preg_match('/^[-+%\w]+$/', $QUERY_STRING)) {
! $pagename = urldecode($QUERY_STRING);
} else {
$pagename = gettext("FrontPage");
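Review bot: In the new test `preg_match('/^[-+%\w]+$/', $QUERY_STRING)`, the allowlist is checked against the still-encoded query string. Because `%` is in the character class, any percent-encoded byte passes and is then decoded into `$pagename` by `urldecode()`. `index.php?zip%3Dall` therefore still resolves to the page named 'zip=all', and encoded slashes or NUL bytes get through the same way. If the intent is only to keep literal `key=value` queries from being treated as page names, say so in the comment above the test. If the intent is to constrain page names, decode first and validate the decoded value. Two behaviour changes also deserve a mention in the log message: moving from `rawurldecode()` to `urldecode()` turns `+` into a space in page names, and a query string that fails the match now falls through silently to FrontPage.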