mirror of
https://github.com/moodle/moodle.git
synced 2025-01-18 05:58:34 +01:00
MDL-49167 YUI: Fix for theme/yui_combo.php and $CFG->yuislashargs
It was too aggressively cleaning it's params (broken in MDL-48980).
This commit is contained in:
parent
7357af2b0c
commit
0bb431e3ac
@ -168,9 +168,11 @@ function min_enable_zlib_compression() {
|
||||
* Note: ".php" is NOT allowed in slasharguments,
|
||||
* it is intended for ASCII characters only.
|
||||
*
|
||||
* @param boolean $clean - Should we do cleaning on this path argument. If you set this
|
||||
* to false you MUST be very careful and do the cleaning manually.
|
||||
* @return string
|
||||
*/
|
||||
function min_get_slash_argument() {
|
||||
function min_get_slash_argument($clean = true) {
|
||||
// Note: This code has to work in the same cases as normal get_file_argument(),
|
||||
// but at the same time it may be simpler because we do not have to deal
|
||||
// with encodings and other tricky stuff.
|
||||
@ -180,7 +182,12 @@ function min_get_slash_argument() {
|
||||
if (!empty($_GET['file']) and strpos($_GET['file'], '/') === 0) {
|
||||
// Server is using url rewriting, most probably IIS.
|
||||
// Always clean the result of this function as it may be used in unsafe calls to send_file.
|
||||
return min_clean_param($_GET['file'], 'SAFEPATH');
|
||||
$relativepath = $_GET['file'];
|
||||
if ($clean) {
|
||||
$relativepath = min_clean_param($relativepath, 'SAFEPATH');
|
||||
}
|
||||
|
||||
return $relativepath;
|
||||
|
||||
} else if (stripos($_SERVER['SERVER_SOFTWARE'], 'iis') !== false) {
|
||||
if (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO'] !== '') {
|
||||
@ -199,5 +206,8 @@ function min_get_slash_argument() {
|
||||
}
|
||||
|
||||
// Always clean the result of this function as it may be used in unsafe calls to send_file.
|
||||
return min_clean_param($relativepath, 'SAFEPATH');
|
||||
if ($clean) {
|
||||
$relativepath = min_clean_param($relativepath, 'SAFEPATH');
|
||||
}
|
||||
return $relativepath;
|
||||
}
|
||||
|
@ -458,7 +458,7 @@ function combo_params() {
|
||||
// note: buggy or misconfigured IIS does return the query string in REQUEST_URI
|
||||
return array($_SERVER['QUERY_STRING'], false);
|
||||
|
||||
} else if ($slashargument = min_get_slash_argument()) {
|
||||
} else if ($slashargument = min_get_slash_argument(false)) {
|
||||
$slashargument = ltrim($slashargument, '/');
|
||||
return array($slashargument, true);
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user