Fixed grep typo. Should be checking for literal periods instead of any

character. ('\.' versus '.' in regexp.)
author: Wesley Miaw <josuah@users.sourceforge.net> 2003-11-24 02:17:58 +0000
committer: Wesley Miaw <josuah@users.sourceforge.net> 2003-11-24 02:17:58 +0000
commit: c25ffb161bca97dd17abe2eb6d13ad2b86328228 (patch)
tree: c52ef0f2cb47ac01db506504204d012f6629a54b
parent: 958d4de781ba3ccefda8a201ca4090478862b28b (diff)
download: phpicalendar-c25ffb161bca97dd17abe2eb6d13ad2b86328228.tar.gz
phpicalendar-c25ffb161bca97dd17abe2eb6d13ad2b86328228.tar.bz2
phpicalendar-c25ffb161bca97dd17abe2eb6d13ad2b86328228.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 7661184..46f5bcc 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -134,7 +134,7 @@ if ($is_webcal) {
 		}
 		
 		// Sets the download and subscribe paths from the config if present.
-		if ($download_uri == '') {
+		if ($download_uri == '' && preg_match('/(^\/|\.\.\/)/', $filename) == 0) {
 			$subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename;
 			$download_filename = $filename;
 		} elseif ($download_uri != '') {
author	Wesley Miaw <josuah@users.sourceforge.net>	2003-11-24 02:17:58 +0000
committer	Wesley Miaw <josuah@users.sourceforge.net>	2003-11-24 02:17:58 +0000
commit	c25ffb161bca97dd17abe2eb6d13ad2b86328228 (patch)
tree	c52ef0f2cb47ac01db506504204d012f6629a54b
parent	958d4de781ba3ccefda8a201ca4090478862b28b (diff)
download	phpicalendar-c25ffb161bca97dd17abe2eb6d13ad2b86328228.tar.gz phpicalendar-c25ffb161bca97dd17abe2eb6d13ad2b86328228.tar.bz2 phpicalendar-c25ffb161bca97dd17abe2eb6d13ad2b86328228.zip