Changeset 7921
- Timestamp:
- 05/12/08 23:51:54 (4 months ago)
- Files:
-
- trunk/wp-admin/includes/file.php (modified) (1 diff)
- trunk/wp-includes/functions.php (modified) (1 diff)
- trunk/wp-includes/theme.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/wp-admin/includes/file.php
r7895 r7921 67 67 touch($filename); 68 68 return $filename; 69 }70 71 function validate_file( $file, $allowed_files = '' ) {72 if ( false !== strpos( $file, '..' ))73 return 1;74 75 if ( false !== strpos( $file, './' ))76 return 1;77 78 if (':' == substr( $file, 1, 1 ))79 return 2;80 81 if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )82 return 3;83 84 return 0;85 69 } 86 70 trunk/wp-includes/functions.php
r7884 r7921 1750 1750 } 1751 1751 1752 function validate_file( $file, $allowed_files = '' ) { 1753 if ( false !== strpos( $file, '..' )) 1754 return 1; 1755 1756 if ( false !== strpos( $file, './' )) 1757 return 1; 1758 1759 if (':' == substr( $file, 1, 1 )) 1760 return 2; 1761 1762 if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) ) 1763 return 3; 1764 1765 return 0; 1766 } 1767 1752 1768 ?> trunk/wp-includes/theme.php
r7586 r7921 420 420 $template = ''; 421 421 422 if ( !empty($template) && file_exists(TEMPLATEPATH . "/$template") )422 if ( !empty($template) && !validate_file($template) && file_exists(TEMPLATEPATH . "/$template") ) 423 423 $template = TEMPLATEPATH . "/$template"; 424 424 elseif ( file_exists(TEMPLATEPATH . "/page.php") )
