4781: Check if theme paths are relative, if so, silently set it back to default and...
author
harris wong
<hwong@ocad.ca>
Tue, 30 Aug 2011 20:35:00 +0000
(20:35 -0000)
committer
harris wong
<hwong@ocad.ca>
Tue, 30 Aug 2011 20:35:00 +0000
(20:35 -0000)
docs/include/vitals.inc.php
diff --git
a/docs/include/vitals.inc.php
b/docs/include/vitals.inc.php
index
8ee4948
..
f642bde
100644
(file)
--- a/
docs/include/vitals.inc.php
+++ b/
docs/include/vitals.inc.php
@@
-302,6
+302,15
@@
$savant->addPath('template', AT_INCLUDE_PATH . '../themes/default/');
//if user has requested theme change, make the change here
if (($_POST['theme'] || $_POST['mobile_theme']) && $_POST['submit']) {
//if user has requested theme change, make the change here
if (($_POST['theme'] || $_POST['mobile_theme']) && $_POST['submit']) {
+ //http://atutor.ca/atutor/mantis/view.php?id=4781
+ //Themes should be in the same folder, disallow '../'
+ $newTheme = str_replace("../", "", $_POST['theme']);
+ $newMobileTheme = str_replace("../", "", $_POST['mobile_theme']);
+ if ($newTheme != $_POST['theme'] || $newMobileTheme != $_POST['mobile_theme']) {
+ header('Location:'.AT_BASE_HREF.'users/preferences.php');
+ exit;
+ }
+
$_SESSION['prefs']['PREF_THEME'] = $addslashes($_POST['theme']);
$_SESSION['prefs']['PREF_MOBILE_THEME'] = $addslashes($_POST['mobile_theme']);
} else if ($_POST['set_default']) {
$_SESSION['prefs']['PREF_THEME'] = $addslashes($_POST['theme']);
$_SESSION['prefs']['PREF_MOBILE_THEME'] = $addslashes($_POST['mobile_theme']);
} else if ($_POST['set_default']) {
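Review bot: The added guard at the top of the hunk is a denylist that rejects only the literal `../`; a value such as `..`, `..\` or an absolute path contains no `../`, so it passes the comparison unchanged and is stored into `$_SESSION['prefs']['PREF_THEME']` by the existing `$addslashes` line, and since the code that later joins that preference to a filesystem path is outside this hunk I cannot rule out that those forms still leave the themes directory. An allowlist is the safer shape: `$validName = '/^[A-Za-z0-9_-]*$/';` and `if (!preg_match($validName, $_POST['theme']) || !preg_match($validName, $_POST['mobile_theme'])) {` in place of the two `str_replace` lines and the `!=` comparison, where `*` rather than `+` keeps the existing behaviour of allowing one of the two fields to be empty, and the character class is widened only if real theme directory names need it (never adding `/`, `\` or `.`). The commit title says an invalid value is "silently set back to default", but the new lines only redirect to `users/preferences.php` and exit without touching the stored preference, so either the title or the code should be brought in line. The `if`/`else if` chain this sits in continues past the end of the hunk.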