Changeset 99748 in spip-zone


Timestamp:
Sep 30, 2016, 10:17:04 AM (3 years ago)
Author:
cedric@…
Message:

Backport of https://core.spip.net/projects/spip/repository/revisions/23206: more generic check to take the Windows case into account

File:
1 edited

  • _core_/securite/ecran_securite.php

    r99658 r99748  
    66 */
    77
    8 define('_ECRAN_SECURITE', '1.2.6'); // 2016-09-27
     8define('_ECRAN_SECURITE', '1.2.7'); // 2016-09-30
    99
    1010/*
     
    217217        $url = trim($_REQUEST['var_url']);
    218218        if (strncmp($url,'/',1)==0
    219           or (($p=strpos($url,'../'))!==false AND strpos($url,'../',$p+3)!==false)
     219          or (($p=strpos($url,'..'))!==false AND strpos($url,'..',$p+3)!==false)
    220220                or (strpos($url,'://')!==false or strpos($url,':\\')!==false)) {
    221221                $ecran_securite_raison = 'URL interdite pour var_url';
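
Review bot: the offset on the added line 219 is still $p+3, which fit the three-character needle '../' but not the new two-character needle '..'. When var_url ends in '..' (for example 'a..'), $p+3 points past the end of the string, so the second strpos() call raises an out-of-range offset warning (a ValueError on PHP 8) instead of simply returning false. Suggest strpos($url,'..',$p+2), which keeps the offset within the string and also sees a second '..' that begins right after the first. Separately, a short comment on this line saying that the match is on '..' so that both '../' and '..\' are covered would record why the needle was shortened.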