local file inclusion

2009-09-26 15:55:21 +00:00 · 2009-09-26 15:55:21 +00:00 · af198950ca
commit af198950ca
parent 60e0c7ba42
2 changed files with 3 additions and 2 deletions
--- a/comments.php
+++ b/comments.php
@ -99,7 +99,7 @@

 				$name 	= trim(stripslashes(@$_POST['name']));
 				$email 	= isset($_POST['email'])? trim($_POST['email']) : null;
-				$url 	= isset($_POST['url'])? trim(stripslashes($_POST['url'])) : null;
+				$url 	= isset($_POST['url'])? trim(stripslashes(htmlspecialchars($_POST['url']))) : null;
 				
 				/*
 				 * check name
--- a/fp-includes/core/core.users.php
+++ b/fp-includes/core/core.users.php
@ -103,7 +103,8 @@
 		if ($userid == null && ($user = user_loggedin())) {
 			return $user;
 		} 
-		if (file_exists($f = USERS_DIR . $userid.".php")) {
+		if (!preg_match('![/\\.]!', $userid) &&
+			file_exists($f = USERS_DIR . $userid.".php")) {
 			include($f);
 			
 			return $user;