mirror of
https://github.com/phpbb/phpbb.git
synced 2025-10-24 13:16:16 +02:00
Merge branch 'ticket/rxu/10035' into develop-olympus
* ticket/rxu/10035: [ticket/10035] ACP template edit feature allows to read any files on webserver.
This commit is contained in:
@@ -716,7 +716,7 @@ parse_css_file = {PARSE_CSS_FILE}
|
|||||||
$save_changes = (isset($_POST['save'])) ? true : false;
|
$save_changes = (isset($_POST['save'])) ? true : false;
|
||||||
|
|
||||||
// make sure template_file path doesn't go upwards
|
// make sure template_file path doesn't go upwards
|
||||||
$template_file = str_replace('..', '.', $template_file);
|
$template_file = preg_replace('#\.{2,}#', '.', $template_file);
|
||||||
|
|
||||||
// Retrieve some information about the template
|
// Retrieve some information about the template
|
||||||
$sql = 'SELECT template_storedb, template_path, template_name
|
$sql = 'SELECT template_storedb, template_path, template_name
|
||||||
|
Reference in New Issue
Block a user