mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-03-14 04:30:15 +01:00
Code Issues Projects Releases Wiki Activity

merged from MOODLE_14_STABLE; updated parameter cleaning, preparation for new file.php SC#5

Browse Source
This commit is contained in:
skodak 2004-11-19 21:28:29 +00:00
parent 7e0286af89
commit d52d5a8e85
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/moodlelib.php
View File

@ -189,19 +189,23 @@ function clean_param($param, $options) {
}
if ($options & PARAM_FILE) { // Strip all suspicious characters from filename
$param = str_replace('\\', '/', $param);
$param = basename($param);
$param = ereg_replace('\.\.+', '', $param);
$param = ereg_replace('[[:cntrl:]]|[<>"\`\|\']', '', $param);
$param = clean_param($param, PARAM_PATH);
$pos = strrpos($param,'/');
if ($pos !== FALSE) {
$param = substr($param, $pos+1);
}
if ($param === '.' or $param === ' ') {
$param = '';
}
}
}
if ($options & PARAM_PATH) { // Strip all suspicious characters from file path
$param = str_replace('\\\'', '\'', $param);
$param = str_replace('\\"', '"', $param);
$param = str_replace('\\', '/', $param);
$param = ereg_replace('[[:cntrl:]]|[<>"`\|\']', '', $param);
$param = ereg_replace('\.\.+', '', $param);
$param = ereg_replace('[[:cntrl:]]|[<>"\`\|\']', '', $param);
$param = ereg_replace('//+', '/', $param);
}
return $param;