From: harris wong
Date: Tue, 30 Aug 2011 20:35:00 +0000 (-0000)
Subject: 4781: Check if theme paths are relative, if so, silently set it back to default and...
X-Git-Url: https://iam.tj/gitweb/gitweb.cgi?p=atutor.git;a=commitdiff_plain;h=9cad79388e7c9f97807563f5c5d7de6acfa566b9
4781: Check if theme paths are relative, if so, silently set it back to default and bring the user back to default preference page.
---
diff --git a/docs/include/vitals.inc.php b/docs/include/vitals.inc.php
index 8ee494887..f642bde10 100644
--- a/docs/include/vitals.inc.php
+++ b/docs/include/vitals.inc.php
@@ -302,6 +302,15 @@ $savant->addPath('template', AT_INCLUDE_PATH . '../themes/default/'); //if user has requested theme change, make the change here if (($_POST['theme'] || $_POST['mobile_theme']) && $_POST['submit']) { + //http://atutor.ca/atutor/mantis/view.php?id=4781 + //Themes should be in the same folder, disallow '../' + $newTheme = str_replace("../", "", $_POST['theme']); + $newMobileTheme = str_replace("../", "", $_POST['mobile_theme']); + if ($newTheme != $_POST['theme'] || $newMobileTheme != $_POST['mobile_theme']) { + header('Location:'.AT_BASE_HREF.'users/preferences.php'); + exit; + } + $_SESSION['prefs']['PREF_THEME'] = $addslashes($_POST['theme']); $_SESSION['prefs']['PREF_MOBILE_THEME'] = $addslashes($_POST['mobile_theme']); } else if ($_POST['set_default']) {
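Review bot: The new guard on the `$newTheme`/`$newMobileTheme` lines rejects only the literal substring `../`, so a theme value of `..` (or `..\` on Windows) still passes the comparison and is stored in `$_SESSION['prefs']['PREF_THEME']` through `$addslashes`; if the theme path is later assembled as something like `'../themes/' . $theme . '/'` — that code is not in this hunk — a bare `..` segment escapes the themes folder just as `../` would. A positive allowlist is safer than a substring blocklist: replace the two `str_replace` lines and the comparison with `if (!preg_match('/^[A-Za-z0-9_-]*$/', $_POST['theme']) || !preg_match('/^[A-Za-z0-9_-]*$/', $_POST['mobile_theme'])) {` (the `*` keeps an empty `mobile_theme` acceptable, matching the `||` in the enclosing condition; widen the class if installed theme directory names legitimately contain other characters), or better still check each value against the list of installed theme names. The `//Themes should be in the same folder, disallow '../'` comment should then say that the value must be a plain directory name with no path separators or `..` segments. The `if`/`else if` chain this sits in continues past the end of the hunk.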