diff contrib/web/php-admin/htdocs/edit.php @ 786:b542f6e55f5b

Better validation of input in php-admin (Thomas Goirand)
author Ben Schmidt
date Sun, 21 Nov 2010 00:30:23 +1100
parents a50b8ab11d28
children d03fae037eb4
--- a/contrib/web/php-admin/htdocs/edit.php	Sun Nov 21 00:28:46 2010 +1100
+++ b/contrib/web/php-admin/htdocs/edit.php	Sun Nov 21 00:30:23 2010 +1100
@@ -104,14 +104,8 @@
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
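Review bot: The new `dirname(realpath($topdir."/".$list)) != $topdir` condition compares a canonicalised path against the raw `$topdir`, so if `$topdir` is configured with a trailing slash or reaches the directory through a symlink the two sides never match and every list dies with "list outside topdir"; canonicalise both sides and compare strictly, `$real = realpath($topdir."/".$list); if ($real === false || dirname($real) !== realpath($topdir)) die("list outside topdir");`. The explicit `false` check also matters because `realpath()` returns `false` for a non-existent path, and passing that into `dirname()` makes the comparison fail with the misleading "list outside topdir" message before the "non-existent list" check below is reached. Note that the removed checks rejected any `/`, `.` or `..` in `$list` itself, whereas the new check only constrains where the name resolves on disk, so a value such as `foo/../bar` is now accepted; that is fine for the `is_dir()` use here, but if `$list` is later echoed into HTML or passed to a command elsewhere in edit.php it should still be validated as a bare directory name (for example `preg_match('/^[A-Za-z0-9_.-]+$/', $list)`). Whether such uses exist cannot be seen from this hunk.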