diff options
author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-01-02 16:00:05 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-01-02 16:00:05 +0000 |
commit | 1503e05616c295e6f980134dc341fa1a66dc9672 (patch) | |
tree | b0a7dc356affec0059670603f1cb990da7dbc026 /wp-admin/includes/file.php | |
parent | c65d51fec1d641efd1ec8a44c046cd54d588fe3b (diff) | |
download | wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.tar.gz wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.tar.xz wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.zip |
Merge with WP 2.3.2
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1172 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/includes/file.php')
-rw-r--r-- | wp-admin/includes/file.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index 25d9c26..45c05e5 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -43,6 +43,9 @@ function get_real_file_to_edit( $file ) { } function validate_file( $file, $allowed_files = '' ) { + if ( false !== strpos( $file, '..' )) + return 1; + if ( false !== strpos( $file, './' )) return 1; |