author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-05-16 12:33:45 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-05-16 12:33:45 +0000 |
commit | 74340c7281fac695c73ce5845c41355c29e8f6a9 (patch) | |
tree | 36643c23e311a4e27c34e3af469276e75d6cc216 /wp-includes | |
parent | ef1c2e3e754485aaf6d2d7126d9f0b7474e7587b (diff) | |
download | wordpress-mu-74340c7281fac695c73ce5845c41355c29e8f6a9.tar.gz wordpress-mu-74340c7281fac695c73ce5845c41355c29e8f6a9.tar.xz wordpress-mu-74340c7281fac695c73ce5845c41355c29e8f6a9.zip |
WP Merge, page template validation
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1294 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-includes')
-rw-r--r-- | wp-includes/functions.php | 16 | ||||
-rw-r--r-- | wp-includes/theme.php | 2 |
2 files changed, 17 insertions, 1 deletions
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index b1b85bd..51445a1 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1762,4 +1762,20 @@ function apache_mod_loaded($mod, $default = false) {
 	return $default;
 }
+function validate_file( $file, $allowed_files = '' ) {
+	if ( false !== strpos( $file, '..' ))
+		return 1;
+
+	if ( false !== strpos( $file, './' ))
+		return 1;
+
+	if (':' == substr( $file, 1, 1 ))
+		return 2;
+
+	if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
+		return 3;
+
+	return 0;
+}
+
 ?>
diff --git a/wp-includes/theme.php b/wp-includes/theme.php
index 984b4ee..2bff937 100644
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@@ -419,7 +419,7 @@ function get_page_template() {
 	if ( 'default' == $template )
 		$template = '';
-	if ( !empty($template) && file_exists(TEMPLATEPATH . "/$template") )
+	if ( !empty($template) && !validate_file($template) && file_exists(TEMPLATEPATH . "/$template") )
 		$template = TEMPLATEPATH . "/$template";
 	elseif ( file_exists(TEMPLATEPATH . "/page.php") )
 		$template = TEMPLATEPATH . "/page.php";
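Review bot: validate_file returns bare integer codes with no docblock, so a caller such as the `!validate_file($template)` test in theme.php has to read the body to learn that 0 means "acceptable". A docblock stating the contract would help: 0 = passes, 1 = contains `..` or `./`, 2 = looks like a Windows drive path (`:` in the second position), 3 = not present in `$allowed_files`. It should also state that only the drive-letter form of an absolute path is rejected — a name beginning with `/` or `\` passes — which is harmless for callers that prefix TEMPLATEPATH but means this is not a general "is relative" check. The `..` test refuses any two consecutive dots, so a legitimate name like `a..php` is also rejected; that trade-off belongs in the docblock too. Passing `true` as the third argument to `in_array( $file, $allowed_files, true )` would avoid loose comparison against the allow-list.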
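Review bot: The new `!validate_file($template)` guard silently falls back to page.php when the stored template name is rejected, leaving no trace that an invalid value was read; a comment such as `// reject traversal sequences in the stored template name before it reaches the filesystem` on the changed line would at least record why the check precedes file_exists. The template value is assigned earlier in get_page_template, outside this hunk, so where it comes from cannot be confirmed here. Other lookups in theme.php that concatenate a stored name onto TEMPLATEPATH are not in this hunk and presumably should receive the same guard.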