Better path traversal prevention in TemplateParser.
author Brian Wolff <bawolff+wn@gmail.com>
Tue, 14 Mar 2017 04:01:09 +0000 (04:01 +0000)
committer Brian Wolff <bawolff+wn@gmail.com>
Tue, 14 Mar 2017 18:43:11 +0000 (18:43 +0000)
commit 73e08353fb96f5cbd93c6a7004d91c3d0845b446
tree 1b6c0417585c1a2efa380a04c724fb38ad1fcad9
parent 8f48467d26f617578bbdd95a13a42ae9798789c1
Better path traversal prevention in TemplateParser.

In practice this probably doesn't matter, since template names
are not user controlled, and PHP isn't stupid enough to fall for
tricks with nulls (afaict). Nonetheless, the code from Title is
only meant to prevent URL traversal, it is not meant to prevent
file system path traversal.

Change-Id: Id690576326d03744acc8fbbe78f4b7a4b4c04d7e
includes/TemplateParser.php
tests/phpunit/includes/TemplateParserTest.php
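
The distinction the commit message draws, as an added example that is not code from this commit or from MediaWiki: a URL-style dot-segment check beside an allowlist check suited to names that become file paths. The function names, the `.mustache` suffix, the directory and the sample names are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not MediaWiki's implementation.

/** Assumed stand-in for a URL-style check: "." or ".." segments split on "/". */
function hasUrlDotSegments( string $name ): bool {
	foreach ( explode( '/', $name ) as $segment ) {
		if ( $segment === '.' || $segment === '..' ) {
			return true;
		}
	}
	return false;
}

/**
 * File-system check: allowlist of name characters, with single dots only
 * between non-empty parts. Separators of either kind, NUL bytes, colons and
 * dot-only names never match. The D modifier stops "$" matching before "\n".
 */
function isSafeTemplateName( string $name ): bool {
	return preg_match( '/^[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*$/D', $name ) === 1;
}

/** Build the template path only after the name has passed validation. */
function templateFilename( string $templateDir, string $name ): string {
	if ( !isSafeTemplateName( $name ) ) {
		throw new UnexpectedValueException( 'Malformed template name' );
	}
	return rtrim( $templateDir, '/' ) . '/' . $name . '.mustache';
}

// Constructed sample names, printed JSON-encoded so control bytes are visible.
$samples = [ 'foobar', 'NoticeBox.v2', '../x', '..\\x', "foo\0bar", 'C:x', '/abs/x' ];
foreach ( $samples as $name ) {
	try {
		$result = templateFilename( '/srv/templates', $name );
	} catch ( UnexpectedValueException $e ) {
		$result = 'rejected';
	}
	printf(
		"%-16s url-check-flags=%-5s file=%s\n",
		json_encode( $name, JSON_UNESCAPED_SLASHES ),
		var_export( hasUrlDotSegments( $name ), true ),
		$result
	);
}
```

Only `../x` is flagged by the URL-style check, while the allowlist rejects every sample except `foobar` and `NoticeBox.v2`.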