Do not allow .. anywhere in the filename.

git-svn-id: https://develop.svn.wordpress.org/trunk@2019 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren
2004-12-30 18:05:46 +00:00
parent c5f6ac8cc4
commit 0215f2ba6a
2 changed files with 32 additions and 13 deletions


@@ -42,13 +42,15 @@ require(ABSPATH . '/wp-admin/menu.php');
// Handle plugin admin pages.
if (isset($_GET['page'])) {
$plugin_page = plugin_basename($_GET['page']);
if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page")) {
die(sprintf(__('Cannot load %s.'), $plugin_page));
if ( validate_file($plugin_page) ) {
die(__('Invalid plugin page'));
}
if (! isset($_GET['noheader'])) {
if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page"))
die(sprintf(__('Cannot load %s.'), $plugin_page));
if (! isset($_GET['noheader']))
require_once(ABSPATH . '/wp-admin/admin-header.php');
}
include(ABSPATH . "wp-content/plugins/$plugin_page");