Navigation

← Previous Changeset
Next Changeset →

Changeset 601

Timestamp:

10/15/06 16:31:18 (2 years ago)

Author:

Rickard

Message:

Fixed a local file inclusion vulnerability. Was fixed into profile.php some time ago, but for some reason, was left out of register.php.

Files:

trunk/upload/admin_options.php (modified) (1 diff)
trunk/upload/register.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/upload/admin_options.php

r588	r601
46	46	if ($form['board_title'] == '')
47	47	message('You must enter a board title.');
	48
	49	// Clean default_lang
	50	$form['default_lang'] = preg_replace('#[\.\\\/]#', '', $form['default_lang']);
48	51
49	52	require PUN_ROOT.'include/email.php';

trunk/upload/register.php

r336	r601
174	174	}
175	175
	176	// Make sure we got a valid language string
	177	if (isset($_POST['language']))
	178	{
	179	$language = preg_replace('#[\.\\\/]#', '', $_POST['language']);
	180	if (!file_exists(PUN_ROOT.'lang/'.$language.'/common.php'))
	181	message($lang_common['Bad request']);
	182	}
	183	else
	184	$language = $pun_config['o_default_lang'];
	185
176	186	$timezone = intval($_POST['timezone']);
177		~~$language = isset($_POST['language']) ? $_POST['language'] : $pun_config['o_default_lang'];~~
178	187	$save_pass = (!isset($_POST['save_pass']) \|\| $_POST['save_pass'] != '1') ? '0' : '1';
179	188

Download in other formats: