diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index a222b40bd..d9d912870 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -68,22 +68,6 @@ function wp_tempnam($filename = '', $dir = ''){
 return $filename;
 }
 
-function validate_file( $file, $allowed_files = '' ) {
- if ( false !== strpos( $file, '..' ))
- return 1;
-
- if ( false !== strpos( $file, './' ))
- return 1;
-
- if (':' == substr( $file, 1, 1 ))
- return 2;
-
- if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
- return 3;
-
- return 0;
-}
-
 function validate_file_to_edit( $file, $allowed_files = '' ) {
 $file = stripslashes( $file );
 
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 0a05cccec..96c99b622 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1749,4 +1749,20 @@ function apache_mod_loaded($mod, $default = false) {
 return $default;
 }
 
+function validate_file( $file, $allowed_files = '' ) {
+ if ( false !== strpos( $file, '..' ))
+ return 1;
+
+ if ( false !== strpos( $file, './' ))
+ return 1;
+
+ if (':' == substr( $file, 1, 1 ))
+ return 2;
+
+ if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
+ return 3;
+
+ return 0;
+}
+
 ?>
diff --git a/wp-includes/theme.php b/wp-includes/theme.php
index 984b4ee22..2bff937e4 100644
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@@ -419,7 +419,7 @@ function get_page_template() {
 if ( 'default' == $template )
 $template = '';
 
- if ( !empty($template) && file_exists(TEMPLATEPATH . "/$template") )
+ if ( !empty($template) && !validate_file($template) && file_exists(TEMPLATEPATH . "/$template") )
 $template = TEMPLATEPATH . "/$template";
 elseif ( file_exists(TEMPLATEPATH . "/page.php") )
 $template = TEMPLATEPATH . "/page.php";
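Review bot: validate_file is added to wp-includes/functions.php without any documentation of its return codes, so callers have to read the body to learn that 0 means accepted while 1, 2 and 3 mean a traversal sequence, a colon in the second position, and absence from the allow-list respectively; a docblock above the function with `@param string $file`, `@param array $allowed_files` and `@return int 0 if the path is acceptable, 1 for '..' or './', 2 for ':' as the second character, 3 when $allowed_files is non-empty and does not contain $file` would fix that. The final `in_array( $file, $allowed_files )` is non-strict; `in_array( $file, $allowed_files, true )` avoids loose-comparison matches between numeric-looking strings, assuming $allowed_files holds plain strings. The `'..'` substring test also rejects otherwise harmless names such as `a..b.php`, which is deliberately conservative and worth stating in the same docblock.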
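Review bot: The new `!validate_file($template)` guard in wp-includes/theme.php covers only the branch of get_page_template where a stored template name is interpolated into `TEMPLATEPATH . "/$template"`; any other template lookup in this file that builds a path from a stored value the same way is outside this hunk and would need the same check. A short comment on the changed line, `// reject traversal sequences in the stored template name before touching the filesystem`, would record why the check is ordered before file_exists. get_page_template continues outside the hunk.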