golem
/
twentyGOLEM
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add some page template validation 

git-svn-id: http://svn.automattic.com/wordpress/trunk@7921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2008-05-12 23:51:54 +00:00
parent 9830ab988c
commit dcf35ab2ed
3 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
wp-admin/includes/file.php
View File

@ -68,22 +68,6 @@ function wp_tempnam($filename = '', $dir = ''){
return $filename;
}
function validate_file( $file, $allowed_files = '' ) {
if ( false !== strpos( $file, '..' ))
return 1;
if ( false !== strpos( $file, './' ))
return 1;
if (':' == substr( $file, 1, 1 ))
return 2;
if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
return 3;
return 0;
}
function validate_file_to_edit( $file, $allowed_files = '' ) {
$file = stripslashes( $file );

16
wp-includes/functions.php
View File

@ -1749,4 +1749,20 @@ function apache_mod_loaded($mod, $default = false) {
return $default;
}
function validate_file( $file, $allowed_files = '' ) {
if ( false !== strpos( $file, '..' ))
return 1;
if ( false !== strpos( $file, './' ))
return 1;
if (':' == substr( $file, 1, 1 ))
return 2;
if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
return 3;
return 0;
}
?>

2
wp-includes/theme.php
View File

@ -419,7 +419,7 @@ function get_page_template() {
if ( 'default' == $template )
$template = '';
if ( !empty($template) && file_exists(TEMPLATEPATH . "/$template") )
if ( !empty($template) && !validate_file($template) && file_exists(TEMPLATEPATH . "/$template") )
$template = TEMPLATEPATH . "/$template";
elseif ( file_exists(TEMPLATEPATH . "/page.php") )
$template = TEMPLATEPATH . "/page.php";