[TYPO3] backend, delete a file with 2 dots
Ulf Stephan
ulf777 at gmx.de
Thu May 4 11:25:09 CEST 2006
Just to comlpete. Here is the Patch by Martin for it:
--- class.t3lib_div.php 2006-04-12 21:54:06.000000000 +0200
+++ class.t3lib_div-dots.php 2006-04-28 21:19:38.000000000 +0200
@@ -3272,11 +3272,11 @@
* Usage: 14
*
* @param string Filepath to evaluate
- * @return boolean True, if no '//', '..' or '\' is in the $theFile
+ * @return boolean True, if no '//', '../' or '\' is in the $theFile
* @todo Possible improvement: Should it rawurldecode the string first
to check if any of these characters is encoded ?
*/
function validPathStr($theFile) {
- if (!strstr($theFile,'//') && !strstr($theFile,'..') &&
!strstr($theFile,'\\')) return true;
+ if (!strstr($theFile,'//') && !strstr($theFile,'../') &&
!strstr($theFile,'\\')) return true;
}
/**
More information about the TYPO3-english
mailing list