diff options
author | Jim Hu <jimhu@users.sourceforge.net> | 2006-02-15 08:32:05 +0000 |
---|---|---|
committer | Jim Hu <jimhu@users.sourceforge.net> | 2006-02-15 08:32:05 +0000 |
commit | 46c9454ec6fa7e48be65ef35ff96045ee30d5857 (patch) | |
tree | eaebdb53e36e103e2b5b1fd3d135372eca5f1319 /functions/template.php | |
parent | 57eb99d1980353cdc4449825e2fcdc171e8caa1b (diff) | |
download | phpicalendar-46c9454ec6fa7e48be65ef35ff96045ee30d5857.tar.gz phpicalendar-46c9454ec6fa7e48be65ef35ff96045ee30d5857.tar.bz2 phpicalendar-46c9454ec6fa7e48be65ef35ff96045ee30d5857.zip |
fix path bug introduced by security patch in 2.21 release
Diffstat (limited to 'functions/template.php')
-rw-r--r-- | functions/template.php | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/functions/template.php b/functions/template.php index 8f477c9..8b4eb17 100644 --- a/functions/template.php +++ b/functions/template.php @@ -1036,12 +1036,11 @@ class Page { function parse($file) { global $template; ob_start(); - $file = str_replace("..","",$file); - if (strpos($file, "$template") > 0 || $file =='./functions/event.js'){ - include($file); - $buffer = ob_get_contents(); - ob_end_clean(); - return $buffer; + if (strpos($file, "$template") > 0 || $file =='./functions/event.js'){ + include($file); + $buffer = ob_get_contents(); + ob_end_clean(); + return $buffer; }else{ die('breakin attempt'); } |