Changeset 109554 in spip-zone


Ignore:
Timestamp:
Mar 16, 2018, 9:45:29 AM (3 years ago)
Author:
cedric@…
Message:

Up ecran securite pour valider_xml encore

File:
1 edited

Legend:

Unmodified
Added
Removed
  • _core_/securite/ecran_securite.php

    r108450 r109554  
    66 */
    77
    8 define('_ECRAN_SECURITE', '1.3.5'); // 2018-01-11
     8define('_ECRAN_SECURITE', '1.3.6'); // 2018-03-16
    99
    1010/*
     
    238238        if (strncmp($url,'/',1)==0
    239239          or (($p=strpos($url,'..'))!==false AND strpos($url,'..',$p+3)!==false)
     240          or (($p=strpos($url,'..'))!==false AND strpos($url,'IMG',$p+3)!==false)
    240241                or (strpos($url,'://')!==false or strpos($url,':\\')!==false)) {
    241242                $ecran_securite_raison = 'URL interdite pour var_url';
Note: See TracChangeset for help on using the changeset viewer.