From: <tr...@us...> - 2013-02-04 20:20:18
Revision: 10983 http://sourceforge.net/p/xoops/svn/10983 Author: trabis Date: 2013-02-04 20:20:15 +0000 (Mon, 04 Feb 2013) Log Message: ----------- Fixing LFI vulnerability issue Modified Paths: -------------- XoopsCore/branches/2.5.x/2.5.6/docs/changelog.250.txt XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/tplsets/jquery.php Modified: XoopsCore/branches/2.5.x/2.5.6/docs/changelog.250.txt =================================================================== --- XoopsCore/branches/2.5.x/2.5.6/docs/changelog.250.txt 2013-02-04 19:59:15 UTC (rev 10982) +++ XoopsCore/branches/2.5.x/2.5.6/docs/changelog.250.txt 2013-02-04 20:20:15 UTC (rev 10983) @@ -12,7 +12,9 @@ - XSS/CSRF vulnerability in system/admin/groupperm.php (Dingjie Yang,Qualys/trabis) - XSS/CSRF vulnerability in system/modulesadmin/main.php (Dingjie Yang,Qualys/trabis) - XSS/CSRF vulnerability in system/admin/blocksadmin/main.php (Marcin,Ariko-Security Team/trabis) + - LFI vulnerability in system/admin/tplsets/jquery.php (Marcin,Ariko-Security Team/trabis) + =============================== 2013/01/22: Version 2.5.6 Beta =============================== Modified: XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/tplsets/jquery.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/tplsets/jquery.php 2013-02-04 19:59:15 UTC (rev 10982) +++ XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/tplsets/jquery.php 2013-02-04 20:20:15 UTC (rev 10983) @@ -86,7 +86,7 @@ break; // Edit File case 'tpls_edit_file': - $path_file = XOOPS_ROOT_PATH.'/themes'.trim($_REQUEST['path_file']); + $path_file = realpath(XOOPS_ROOT_PATH.'/themes'.trim($_REQUEST['path_file'])); //Button restore if(file_exists($path_file.'.back')){ |
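Review bot: in the jquery.php hunk, wrapping the concatenation in `realpath()` canonicalizes `..` segments but does not confine the result to the themes directory, so a `path_file` value that resolves to an existing file elsewhere on disk is still accepted; `realpath()` also returns `false` when the target does not exist, after which the following `$path_file.'.back'` degrades to the bare string `'.back'`. Suggest resolving the base directory once and rejecting anything outside it before the `file_exists` check, e.g. `$base = realpath(XOOPS_ROOT_PATH.'/themes');` followed by `if ($path_file === false || strpos($path_file, $base . DIRECTORY_SEPARATOR) !== 0) { /* reject request */ }`.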