From cd2fa2dd9b9a63304b0489fc94f81a26ba39bfa3 Mon Sep 17 00:00:00 2001
From: Cameron <e107inc@gmail.com>
Date: Sun, 2 Apr 2017 14:30:30 -0700
Subject: [PATCH] Plugin class: check for bad folder names.
---
 e107_handlers/plugin_class.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/e107_handlers/plugin_class.php b/e107_handlers/plugin_class.php
index b6b3cb75e..1b00a6130 100644
--- a/e107_handlers/plugin_class.php
+++ b/e107_handlers/plugin_class.php
@@ -474,11 +474,13 @@ class e_plugin
 $arr = array();
+ var_dump($dirs);
+
 foreach($dirs as $plugName)
 {
 $ret = null;
- if(empty($plugName) || $plugName === '.' || $plugName === '..' || !is_dir(e_PLUGIN.$plugName))
+ if((htmlentities($plugName) != $plugName) || empty($plugName) || $plugName === '.' || $plugName === '..' || !is_dir(e_PLUGIN.$plugName))
 {
 continue;
 }
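Review bot: The added `var_dump($dirs);` ahead of the `foreach` looks like leftover debugging and should be dropped before merge, since it prints the plugin directory list into whatever page runs this code, disclosing installed folder names and potentially corrupting headers or JSON output. The new `htmlentities($plugName) != $plugName` test rejects names by encoding side effect, so its result depends on the default flags and charset (single quotes are not encoded under the pre-8.1 `ENT_COMPAT` default) and it uses a loose comparison; an explicit allow-list states the intent more reliably, for example `if(!preg_match('/^[A-Za-z0-9_-]+\z/', $plugName) || !is_dir(e_PLUGIN.$plugName))`, assuming plugin folders are limited to those characters. Rejected names are skipped silently, so a log entry on rejection would help an admin notice an unexpected folder in the plugin directory. The enclosing method starts and ends outside the hunk, so how `$dirs` is populated is not visible here.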