BUG FIX! - fixes error that could allow ANY file on the system to be read!
authormartin <martin>
Thu, 5 Sep 2002 11:53:17 +0000 (11:53 +0000)
committermartin <martin>
Thu, 5 Sep 2002 11:53:17 +0000 (11:53 +0000)
lib/weblib.php

index 1f259db..a77e40f 100644 (file)
@@ -240,6 +240,10 @@ function get_slash_arguments($i=0) {
         return false;
     }
 
+    if (strpos($PATH_INFO, "..")) {  // check for funny business
+        return false;
+    }
+
     $args = explode("/", $PATH_INFO);
 
     if ($i) {     // return just the required argument
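Review bot: The added guard `if (strpos($PATH_INFO, "..")) {` tests the return value for truthiness, so a match at offset 0 returns `0` and is treated the same as "not found". Comparing strictly, `if (strpos($PATH_INFO, "..") !== false) {`, removes that gap; PATH_INFO normally begins with a slash, so the case may be rare, but the check should not depend on that. A substring filter here is also only a first line of defence. The code that turns these arguments into a file path is outside this hunk, and it would presumably be the right place to resolve the final path and confirm it stays under the intended base directory. The body of get_slash_arguments starts and ends outside the hunk, so how `$PATH_INFO` is populated could not be checked from here.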