Changeset 4095
- Timestamp:
- 08/15/06 01:07:51 (2 years ago)
- Files:
-
- trunk/wp-content/plugins/wp-db-backup.php (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/wp-content/plugins/wp-db-backup.php
r4049 r4095 72 72 73 73 $this->backup_file = $_GET['backup']; 74 $this->validate_file($this->backup_file); 74 75 75 76 switch($via) { … … 98 99 if (isset($_GET['fragment'] )) { 99 100 list($table, $segment, $filename) = explode(':', $_GET['fragment']); 101 $this->validate_file($filename); 100 102 $this->backup_fragment($table, $segment, $filename); 101 103 } … … 881 883 return; 882 884 } // wp_cron_db_backup 885 886 function validate_file($file) { 887 if (false !== strpos($file, '..')) 888 die(__("Cheatin' uh ?")); 889 890 if (false !== strpos($file, './')) 891 die(__("Cheatin' uh ?")); 892 893 if (':' == substr($file, 1, 1)) 894 die(__("Cheatin' uh ?")); 895 } 896 883 897 } 884 898
