mirror of https://github.com/phpbb/phpbb.git synced 2025-02-24 20:13:22 +01:00

Bug #55665 - Restrict search for styles/../style.cfg to folders.

Authorised by: bantu

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10360 89ea8834-ac86-4346-8a33-228a782c2dd0
Joas Schilling 2009-12-21 22:29:28 +00:00
parent 64898803af
commit 1261e21eac
2 changed files with 5 additions and 0 deletions


@ -121,6 +121,7 @@
<li>[Fix] Correctly get unread status information for global announcements in search results.</li> <li>[Fix] Correctly get unread status information for global announcements in search results.</li>
<li>[Fix] Correctly handle global announcements in ATOM feeds.</li> <li>[Fix] Correctly handle global announcements in ATOM feeds.</li>
<li>[Fix] Use correct limit config parameter in the News feed.</li> <li>[Fix] Use correct limit config parameter in the News feed.</li>
<li>[Fix] Restrict search for styles/../style.cfg to folders. (Bug #55665)</li>
<li>[Change] Move redirect into a hidden field to avoid issues with mod_security. (Bug #54145)</li> <li>[Change] Move redirect into a hidden field to avoid issues with mod_security. (Bug #54145)</li>
<li>[Change] Log activation through inactive users ACP. (Bug #30145)</li> <li>[Change] Log activation through inactive users ACP. (Bug #30145)</li>
<li>[Change] Send time of last item instead of current time in ATOM Feeds. (Bug #53305)</li> <li>[Change] Send time of last item instead of current time in ATOM Feeds. (Bug #53305)</li>
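Review bot: The new changelog entry writes the path as styles/../style.cfg, and the ".." reads as a parent-directory reference rather than as a placeholder for the style's folder name. A wording such as "Only consider directories when searching styles/ for style.cfg" or the pattern styles/*/style.cfg would remove the ambiguity. The entry also names only style.cfg, while the changed loop builds the file name from $mode, so the restriction applies to the other component .cfg lookups as well.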


@ -643,6 +643,10 @@ parse_css_file = {PARSE_CSS_FILE}
{ {
while (($file = readdir($dp)) !== false) while (($file = readdir($dp)) !== false)
{ {
if (!is_dir($file))
{
continue;
}
$subpath = ($mode != 'style') ? "$mode/" : ''; $subpath = ($mode != 'style') ? "$mode/" : '';
if ($file[0] != '.' && file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg")) if ($file[0] != '.' && file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
{ {
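Review bot: The added is_dir($file) check is given the bare entry name returned by readdir($dp), so PHP resolves it against the current working directory, not against the directory being scanned. The file_exists() call two lines further down builds its path from {$phpbb_root_path}styles/$file, and the directory test should use the same base, for example if (!is_dir("{$phpbb_root_path}styles/$file")). As written, unless the working directory happens to be the styles directory, real style folders fail the test and are skipped by the continue, while '.' and '..' pass it and are only rejected by the later $file[0] != '.' condition. The result would be that no installable styles are found, so this is worth testing from the script's actual working directory before merging.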