From: <dam...@us...> - 2004-03-25 23:20:40
Update of /cvsroot/tikiwiki/tiki/modules In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32537 Modified Files: Tag: release_eta_carinea_rc1 mod-top_image_galleries.php Log Message: Security Fix: Path Disclosure patch
Index: mod-top_image_galleries.php
===================================================================
RCS file: /cvsroot/tikiwiki/tiki/modules/mod-top_image_galleries.php,v
retrieving revision 1.3
retrieving revision 1.3.4.1
diff -u -d -r1.3 -r1.3.4.1
--- mod-top_image_galleries.php 9 Apr 2003 08:00:41 -0000 1.3
+++ mod-top_image_galleries.php 25 Mar 2004 23:09:44 -0000 1.3.4.1
@@ -1,4 +1,10 @@
 <?php
+
+//this script may only be included - so its better to die if called directly.
+if (strpos($_SERVER["SCRIPT_NAME"],basename(__FILE__)) !== false) {
+ die("This script cannot be called directly");
+}
+
 $ranking = $tikilib->list_visible_galleries(0, $module_rows, 'hits_desc','admin','');
 $smarty->assign('modTopGalleries',$ranking["data"]);
 ?>
|
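Review bot: The added guard decides "called directly" from a substring test on `$_SERVER["SCRIPT_NAME"]`, so it fails open whenever that variable does not hold the requested file's path; some CGI or rewrite setups may report a different value there, which should be confirmed for the supported SAPIs. The same test also over-matches, because it dies for any legitimate including script whose path merely contains `mod-top_image_galleries.php`. A check that fails closed would key on state only a real include provides, for example `if (!isset($tikilib) || !is_object($tikilib)) { die("This script cannot be called directly"); }`, since the two statements below dereference `$tikilib` and `$smarty` anyway. The disclosure itself presumably comes from PHP printing the resulting fatal error, so a per-file guard protects only the files that carry it. Turning `display_errors` off in production and denying web access to the modules directory would cover the rest.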