Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

local file inclusion

Browse Source
This commit is contained in:
real_nowhereman 2009-09-26 15:55:21 +00:00
parent 60e0c7ba42
commit af198950ca
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
comments.php
View File

@ -99,7 +99,7 @@
$name = trim(stripslashes(@$_POST['name'])); $name = trim(stripslashes(@$_POST['name']));
$email = isset($_POST['email'])? trim($_POST['email']) : null; $email = isset($_POST['email'])? trim($_POST['email']) : null;
$url = isset($_POST['url'])? trim(stripslashes($_POST['url'])) : null; $url = isset($_POST['url'])? trim(stripslashes(htmlspecialchars($_POST['url']))) : null;
/* /*
* check name * check name

3
fp-includes/core/core.users.php
View File

@ -103,7 +103,8 @@
if ($userid == null && ($user = user_loggedin())) { if ($userid == null && ($user = user_loggedin())) {
return $user; return $user;
} }
if (file_exists($f = USERS_DIR . $userid.".php")) { if (!preg_match('![/\\.]!', $userid) &&
file_exists($f = USERS_DIR . $userid.".php")) {
include($f); include($f);
return $user; return $user;