From: <dam...@us...> - 2004-03-25 23:21:55
Update of /cvsroot/tikiwiki/tiki/modules
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv454
Modified Files:
Tag: release_eta_carinea_rc1
mod-user_blogs.php
Log Message:
Security Fix: Path Disclosure patch
Index: mod-user_blogs.php
===================================================================
RCS file: /cvsroot/tikiwiki/tiki/modules/mod-user_blogs.php,v
retrieving revision 1.1
retrieving revision 1.1.8.1
diff -u -d -r1.1 -r1.1.8.1
--- mod-user_blogs.php 18 Oct 2002 16:31:39 -0000 1.1
+++ mod-user_blogs.php 25 Mar 2004 23:11:04 -0000 1.1.8.1
@@ -1,4 +1,10 @@
 <?php
+
+//this script may only be included - so its better to die if called directly.
+if (strpos($_SERVER["SCRIPT_NAME"],basename(__FILE__)) !== false) {
+ die("This script cannot be called directly");
+}
+
 $ranking = $tikilib->list_user_blogs($user,false);
 $smarty->assign('modUserBlogs',$ranking);
-?>
\ No newline at end of file
+?>
|
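Review bot: The added guard uses `strpos()` to look for `basename(__FILE__)` anywhere in `$_SERVER["SCRIPT_NAME"]`, so it is a substring test rather than a filename comparison: a legitimate entry script whose path merely contains `mod-user_blogs.php` (a longer filename, or a directory of that name) would be refused as well. An exact comparison states the intent more precisely, `if (basename($_SERVER["SCRIPT_NAME"]) == basename(__FILE__)) {`. The guard protects only this one file; the path disclosure presumably comes from PHP printing the failed `$tikilib->list_user_blogs()` call, so turning `display_errors` off in production and denying web access to the modules directory would also cover include-only files that lack the check. The comment could record the reason too, e.g. `// $tikilib and $smarty exist only when included; a direct request would fail and print the server path`.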