mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-02-25 04:23:38 +01:00
Code Issues Releases Wiki Activity

[ticket/9801] Allow display of page outside board directory on viewonline

Browse Source 
Until now, the preg_match didn't take into account that a page might be
outside the board directory. After this change, the regular expression will
allow preceding dots and slashes. Paths like ../../test.php will be allowed.
The page will be unknown in viewonline.php and it will revert to index.php as
current page. However, the core.viewonline_overwrite_location event will
receive proper info of the page the user is on right now allowing a listener
to change the info that is being displayed.

PHPBB3-9801
This commit is contained in:
Marc Alexander 2014-06-11 23:34:51 +02:00
parent 694f8391c9
commit 204904441a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/viewonline.php
View File

@ -213,7 +213,7 @@ while ($row = $db->sql_fetchrow($result))
continue;
}
preg_match('#^([a-z0-9/_-]+)#i', $row['session_page'], $on_page);
preg_match('#^([./\\]*+[a-z0-9/_-]+)#i', $row['session_page'], $on_page);
if (!sizeof($on_page))
{
$on_page[1] = '';