comparison contrib/web/php-admin/htdocs/edit.php @ 786:b542f6e55f5b
Better validation of input in php-admin (Thomas Goirand)
author | Ben Schmidt |
---|---|
date | Sun, 21 Nov 2010 00:30:23 +1100 |
parents | a50b8ab11d28 |
children | d03fae037eb4 |
785:4294e7f1209f | 786:b542f6e55f5b |
---|---|
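--- a/contrib/web/php-admin/htdocs/edit.php
+++ b/contrib/web/php-admin/htdocs/edit.php
@@ -102,18 +102,12 @@
 $list = $HTTP_GET_VARS["list"];
 
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
 
 $tpl->define(array("main" => "edit.html",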
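Review bot: The new containment check at line 107 compares the canonicalised list path against `$topdir` as written, not against its canonical form, so if `$topdir` carries a trailing slash, a `..` component or a symlinked directory, `dirname(realpath(...))` can never equal it and every list is rejected (fail-closed, but broken); it also uses loose `!=` where a string identity comparison is meant. I would write it as `if (dirname(realpath($topdir."/".$list)) !== realpath($topdir))`, and add a comment above it such as `// realpath() returns false for a non-existent path, so dirname("") never matches and the request is refused`. Note that `$list` itself is left unnormalised after the check; the `is_dir` test and anything later that builds paths from it still use the raw value, which is acceptable only as long as every such use stays under `$topdir` — worth a one-line comment there. The script's remaining uses of `$list` are outside this hunk.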