diff options
author | Wesley Miaw <josuah@users.sourceforge.net> | 2003-11-24 02:17:58 +0000 |
---|---|---|
committer | Wesley Miaw <josuah@users.sourceforge.net> | 2003-11-24 02:17:58 +0000 |
commit | c25ffb161bca97dd17abe2eb6d13ad2b86328228 (patch) | |
tree | c52ef0f2cb47ac01db506504204d012f6629a54b | |
parent | 958d4de781ba3ccefda8a201ca4090478862b28b (diff) | |
download | phpicalendar-c25ffb161bca97dd17abe2eb6d13ad2b86328228.tar.gz phpicalendar-c25ffb161bca97dd17abe2eb6d13ad2b86328228.tar.bz2 phpicalendar-c25ffb161bca97dd17abe2eb6d13ad2b86328228.zip |
Fixed grep typo. Should be checking for literal periods instead of any
character. ('\.' versus '.' in regexp.)
-rw-r--r-- | functions/init.inc.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php index 7661184..46f5bcc 100644 --- a/functions/init.inc.php +++ b/functions/init.inc.php @@ -134,7 +134,7 @@ if ($is_webcal) { } // Sets the download and subscribe paths from the config if present. - if ($download_uri == '') { + if ($download_uri == '' && preg_match('/(^\/|\.\.\/)/', $filename) == 0) { $subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename; $download_filename = $filename; } elseif ($download_uri != '') { |