mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-07 23:26:41 +02:00
Code Issues Releases Wiki Activity

Prevent hash disclosure.

Browse Source
This commit is contained in:
Cameron
2013-04-27 13:15:04 -07:00
parent b2e6305458
commit 80ec0b9b40
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
e107_handlers/e_parse_class.php
View File

@@ -1840,6 +1840,11 @@ class e_parse extends e_parser
parse_str($options, $options); parse_str($options, $options);
} }
if(strstr($url,e_MEDIA) || strstr($url,e_SYSTEM)) // prevent disclosure of 'hashed' path.
{
$raw = true;
}
if($raw) $url = $this->createConstants($url, 'mix'); if($raw) $url = $this->createConstants($url, 'mix');
$baseurl = ($full ? SITEURL : e_HTTP).'thumb.php?'; $baseurl = ($full ? SITEURL : e_HTTP).'thumb.php?';