Changeset 782 in svn for trunk


Timestamp:
2011-04-22T16:45:00+02:00 (4 years ago)
Author:
Xuefer
Message:

avoid possible file name injection

File:
1 edited

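--- a/trunk/admin/common.php
+++ b/trunk/admin/common.php
@@ -39,5 +39,5 @@
         $file = get_language_file_ex($name, $l, $s);
         if (!isset($file)) {
-            $l = strtok($l, '-');
+            $l = strtok($l, ':-');
             $file = get_language_file_ex($name, $l, $s);
         }
@@ -45,5 +45,5 @@
     else if (!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
         foreach (explode(',', str_replace(' ', '', $_SERVER['HTTP_ACCEPT_LANGUAGE'])) as $l) {
-            $l = strtok($l, ';');
+            $l = strtok($l, ':;');
             $file = get_language_file_ex($name, $l, $s);
             if (isset($file)) {
@@ -52,5 +52,5 @@
             }
             if (strpos($l, '-') !== false) {
-                $ll = strtok($l, '-');
+                $ll = strtok($l, ':-');
                 $file = get_language_file_ex($name, $ll, $s);
                 if (isset($file)) {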
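Review bot: The language tag read from `$_SERVER['HTTP_ACCEPT_LANGUAGE']` at new line 47 is still filtered by a denylist: cutting at `:` and `;` leaves path separators, dots and NUL bytes in `$l` when it is handed to `get_language_file_ex()`. That helper is not shown in this changeset, so whether it rejects such characters cannot be confirmed from here; if it builds a file name from `$l`, an allowlist is the safer guard, e.g. `if (!preg_match('/^[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*$/', $l)) { continue; }` directly after the `strtok()` call. With that check in place `$ll` at line 54 is a prefix of an already validated tag, while `$l` at line 41 comes from code outside the shown lines and would need the same validation at its source. The enclosing function starts and ends outside the hunks shown.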