Changeset 1294
- Timestamp:
- 05/16/08 12:33:45 (7 months ago)
- Files:
-
- trunk/wp-admin/includes/file.php (modified) (1 diff)
- trunk/wp-includes/functions.php (modified) (1 diff)
- trunk/wp-includes/theme.php (modified) (1 diff)
trunk/wp-admin/includes/file.php
r1260 r1294 55 55 56 56 return '/tmp/'; 57 }58 59 function validate_file( $file, $allowed_files = '' ) {60 if ( false !== strpos( $file, '..' ))61 return 1;62 63 if ( false !== strpos( $file, './' ))64 return 1;65 66 if (':' == substr( $file, 1, 1 ))67 return 2;68 69 if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )70 return 3;71 72 return 0;73 57 } 74 58 trunk/wp-includes/functions.php
r1280 r1294 1763 1763 } 1764 1764 1765 function validate_file( $file, $allowed_files = '' ) { 1766 if ( false !== strpos( $file, '..' )) 1767 return 1; 1768 1769 if ( false !== strpos( $file, './' )) 1770 return 1; 1771 1772 if (':' == substr( $file, 1, 1 )) 1773 return 2; 1774 1775 if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) ) 1776 return 3; 1777 1778 return 0; 1779 } 1780 1765 1781 ?> trunk/wp-includes/theme.php
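Review bot: validate_file() as added at new lines 1765-1779 returns 0 for an absolute path (for example one beginning with `/`), because the only checks are for `..`, `./` and a `:` at offset 1. It is therefore only safe where the caller prepends a fixed base directory, as the theme.php check in this changeset does. Neither that contract nor the meaning of the return codes is documented; a docblock should state that 0 means accepted, 1 means `..` or `./` was found, 2 means a drive-letter path, 3 means the file is not in `$allowed_files`, and that absolute paths are not rejected. The allow-list test would also be stricter as `in_array( $file, $allowed_files, true )`, since the loose comparison can match a non-string entry.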
r1260 r1294 420 420 $template = ''; 421 421 422 if ( !empty($template) && file_exists(TEMPLATEPATH . "/$template") )422 if ( !empty($template) && !validate_file($template) && file_exists(TEMPLATEPATH . "/$template") ) 423 423 $template = TEMPLATEPATH . "/$template"; 424 424 elseif ( file_exists(TEMPLATEPATH . "/page.php") )
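Review bot: `!validate_file($template)` on new line 422 reads as "not valid" although it is the passing case, because validate_file() returns 0 on success and a non-zero code on rejection. Writing it as `0 === validate_file($template)` makes that explicit and fails closed if the function ever returns `false` or `null` instead of an integer. A rejected value falls through to the `page.php` branch without any trace, so a one-line comment such as `// reject traversal in the stored template name; fall back to page.php` would record that this is deliberate. The origin of `$template` and the rest of the enclosing function are outside the hunk.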
