author | Wesley Miaw <josuah@users.sourceforge.net> | 2003-10-16 19:01:49 +0000 |
---|---|---|
committer | Wesley Miaw <josuah@users.sourceforge.net> | 2003-10-16 19:01:49 +0000 |
commit | a9098cd72fa0513d708dfbbeb4b341799c1542fd (patch) | |
tree | 89a9c82c2f2c6e60cbb58852cde813f3245e7d26 /functions/init.inc.php | |
parent | d079ce9a00faad799a22f9dad3cf319de10accc3 (diff) | |
Do not include subscribe and download links for calendars referenced
by an absolute path or with a relative path going up (i.e. ../).
Diffstat (limited to 'functions/init.inc.php')
-rw-r--r-- | functions/init.inc.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 9a50fc6..e4eb831 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -136,15 +136,17 @@ if ($is_webcal) {
  }
  // Sets the download and subscribe paths from the config if present.
- if ($download_uri == '') {
+ if ($download_uri == '' && preg_match('/(^\/|..\/)/', $filename) == 0) {
  $subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename;
  $download_filename = $filename;
- } else {
+ } else if ($download_uri != '') {
  $newurl = eregi_replace("^(http://)", "", $download_uri);
  $subscribe_path = 'webcal://'.$newurl.'/'.$cal_filename.'.ics';
  $download_filename = $download_uri.'/'.$cal_filename.'.ics';
+ } else {
+ $subscribe_path = '';
+ $download_filename = '';
  }
-
  }
  }
  ?> |
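Review bot: The pattern in the new `preg_match('/(^\/|..\/)/', $filename)` guard leaves the dots unescaped, so `..\/` matches any two characters followed by a slash, and the first branch is skipped for every `$filename` with a directory component of two or more characters, not only for `../`. Escaping the dots, `preg_match('/(^\/|\.\.\/)/', $filename) === 0`, matches what the commit message describes; backslash separators and drive-letter absolute paths are not covered by either form. The check only suppresses the subscribe and download links, so if `$filename` can be influenced by the request, the path still has to be validated where the calendar file is actually opened, which is not visible in this hunk. The enclosing blocks start above the hunk.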