
Changeset 582232 for vitamin


Timestamp:
08/06/12 11:41:12 (6 years ago)
Author:
SEO Peter
Message:

Big security issue fixed

Location:
vitamin
Files:
4 edited
2 copied

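--- a/vitamin/tags/1.1/add_headers.php
+++ b/vitamin/tags/1.1/add_headers.php
@@ -10,9 +10,13 @@
 $path = $_GET['path'];
 
+if( FALSE !== strpos($path, "../") ){ die("There are forbidden substrings in file path"); }
+if( $ext != substr($path, - strlen($ext)) ) { die("Extension does not fit with extension in filename"); }
+if( 'php' == strtolower($ext) ) { die("Adding headers to php files is forbidden"); }
+if( 'phtml' == strtolower($ext) ) { die("Adding headers to phtml files is forbidden"); }
+
 define('SP_ABSPATH', dirname(dirname(dirname(dirname(__FILE__)))) );
 
 $path = 'wp-content'.DIRECTORY_SEPARATOR.$path;
 $file = SP_ABSPATH.DIRECTORY_SEPARATOR.$path;
-
 
 require_once 'classes/spClasses.php';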
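Review bot: The guards added at new lines 12-15 are denylists on the raw `$_GET['path']`, so they stop only the spellings they name: `strpos($path, "../")` matches the forward-slash form alone although the path is later joined with `DIRECTORY_SEPARATOR`, and the extension tests cover just `php` and `phtml` rather than everything the server may be configured to execute. A sturdier check resolves the assembled `$file` with `realpath()` and requires the result to stay under the resolved `wp-content` directory, and swaps the two extension tests for an allowlist of the file types this script is meant to process. `$ext` is assigned above the hunk, so whether it is request-supplied cannot be confirmed from here; if it is, the extension should be derived from the resolved path instead. The same four lines are added to tags/1.1/minify.php and to both files under trunk, so the point applies there as well. The fence assumes the target file must already exist, since `realpath()` returns FALSE otherwise.

```php
// … unchanged: SP_ABSPATH define and $path prefixing …
$file = SP_ABSPATH.DIRECTORY_SEPARATOR.$path;

// Containment check on the resolved path rather than on substrings of the request value.
$base = realpath(SP_ABSPATH.DIRECTORY_SEPARATOR.'wp-content');
$real = realpath($file);
if( FALSE === $base || FALSE === $real || 0 !== strpos($real, $base.DIRECTORY_SEPARATOR) ){
    die("File path is outside wp-content");
}
$file = $real;
```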
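--- a/vitamin/tags/1.1/minify.php
+++ b/vitamin/tags/1.1/minify.php
@@ -9,4 +9,9 @@
 $exp  = $_GET['exp'];
 $path = $_GET['path'];
+
+if( FALSE !== strpos($path, "../") ){ die("There are forbidden substrings in file path"); }
+if( $ext != substr($path, - strlen($ext)) ) { die("Extension does not fit with extension in filename"); }
+if( 'php' == strtolower($ext) ) { die("Adding headers to php files is forbidden"); }
+if( 'phtml' == strtolower($ext) ) { die("Adding headers to phtml files is forbidden"); }
 
 define('SP_ABSPATH', dirname(dirname(dirname(dirname(__FILE__)))) );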
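Review bot: The two extension messages at new lines 14-15 still say "Adding headers to … files is forbidden", wording carried over from add_headers.php that will mislead anyone reading the error from the minifier; `die("Minifying php files is forbidden");` and its phtml twin would fit this script (trunk/minify.php has the same text). With the four guards now pasted into four files, moving them into one included helper would keep a later hardening from landing in some copies and not others. `$exp` is also taken straight from `$_GET` on line 9 and its use lies outside the hunk, so it is worth confirming that it is validated before it is used.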
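--- a/vitamin/trunk/add_headers.php
+++ b/vitamin/trunk/add_headers.php
@@ -10,9 +10,13 @@
 $path = $_GET['path'];
 
+if( FALSE !== strpos($path, "../") ){ die("There are forbidden substrings in file path"); }
+if( $ext != substr($path, - strlen($ext)) ) { die("Extension does not fit with extension in filename"); }
+if( 'php' == strtolower($ext) ) { die("Adding headers to php files is forbidden"); }
+if( 'phtml' == strtolower($ext) ) { die("Adding headers to phtml files is forbidden"); }
+
 define('SP_ABSPATH', dirname(dirname(dirname(dirname(__FILE__)))) );
 
 $path = 'wp-content'.DIRECTORY_SEPARATOR.$path;
 $file = SP_ABSPATH.DIRECTORY_SEPARATOR.$path;
-
 
 require_once 'classes/spClasses.php';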
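--- a/vitamin/trunk/minify.php
+++ b/vitamin/trunk/minify.php
@@ -9,4 +9,9 @@
 $exp  = $_GET['exp'];
 $path = $_GET['path'];
+
+if( FALSE !== strpos($path, "../") ){ die("There are forbidden substrings in file path"); }
+if( $ext != substr($path, - strlen($ext)) ) { die("Extension does not fit with extension in filename"); }
+if( 'php' == strtolower($ext) ) { die("Adding headers to php files is forbidden"); }
+if( 'phtml' == strtolower($ext) ) { die("Adding headers to phtml files is forbidden"); }
 
 define('SP_ABSPATH', dirname(dirname(dirname(dirname(__FILE__)))) );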