Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
I
ISPConfig 3
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Helmo
ISPConfig 3
Commits
d09f4db5
Commit
d09f4db5
authored
Aug 17, 2018
by
Till Brehm
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Finetuning for #5102
parent
6e094613
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
5 additions
and
4 deletions
+5
-4
interface/lib/classes/functions.inc.php
interface/lib/classes/functions.inc.php
+5
-4
No files found.
interface/lib/classes/functions.inc.php
View file @
d09f4db5
...
...
@@ -480,9 +480,9 @@ class functions {
// Function to check paths before we use it as include. Use with absolute paths only.
public
function
check_include_path
(
$path
)
{
if
(
strpos
(
$path
,
'//'
))
die
(
'Include path seems to be an URL: '
.
$this
->
htmlentities
(
$path
));
if
(
strpos
(
$path
,
'..'
))
die
(
'Two dots are not allowed in include path: '
.
$this
->
htmlentities
(
$path
));
if
(
!
preg_match
(
"/^[a-zA-Z0-9_\/\.\-]
{
1,
}
$/"
,
$path
))
die
(
'Wrong chars in include path: '
.
$this
->
htmlentities
(
$path
));
if
(
strpos
(
$path
,
'//'
)
===
false
)
die
(
'Include path seems to be an URL: '
.
$this
->
htmlentities
(
$path
));
if
(
strpos
(
$path
,
'..'
)
===
false
)
die
(
'Two dots are not allowed in include path: '
.
$this
->
htmlentities
(
$path
));
if
(
!
preg_match
(
"/^[a-zA-Z0-9_\/\.\-]
+
$/"
,
$path
))
die
(
'Wrong chars in include path: '
.
$this
->
htmlentities
(
$path
));
$path
=
realpath
(
$path
);
if
(
$path
==
''
)
die
(
'Include path does not exist.'
);
if
(
substr
(
$path
,
0
,
strlen
(
ISPC_ROOT_PATH
))
!=
ISPC_ROOT_PATH
)
die
(
'Path '
.
$this
->
htmlentities
(
$path
)
.
' is outside of ISPConfig installation directory.'
);
...
...
@@ -495,7 +495,8 @@ class functions {
if
(
preg_match
(
'/^[a-z]{2}$/'
,
$language
))
{
return
$language
;
}
else
{
die
(
'Invalid language string: '
.
$this
->
htmlentities
(
$language
));
$app
->
log
(
'Wrong language string: '
.
$this
->
htmlentities
(
$language
),
1
);
return
'en'
;
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment