diff options
| author | Jim Hu <jimhu@users.sourceforge.net> | 2006-02-09 04:37:12 +0000 |
|---|---|---|
| committer | Jim Hu <jimhu@users.sourceforge.net> | 2006-02-09 04:37:12 +0000 |
| commit | 78def4201a4fbfc8f8d1f915d2c7820d2fb54d23 (patch) | |
| tree | 5ae835da94d43b6946f46b7ec122d8eed4009a8c /functions/template.php | |
| parent | 33a44daad5e809ee4678c9389789c31130c1be1d (diff) | |
| download | phpicalendar-78def4201a4fbfc8f8d1f915d2c7820d2fb54d23.tar.gz phpicalendar-78def4201a4fbfc8f8d1f915d2c7820d2fb54d23.tar.bz2 phpicalendar-78def4201a4fbfc8f8d1f915d2c7820d2fb54d23.zip | |
Sanitize file in parse function
Diffstat (limited to 'functions/template.php')
| -rw-r--r-- | functions/template.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/functions/template.php b/functions/template.php index cb2431f..8f477c9 100644 --- a/functions/template.php +++ b/functions/template.php @@ -1034,11 +1034,17 @@ class Page { } function parse($file) { + global $template; ob_start(); + $file = str_replace("..","",$file); + if (strpos($file, "$template") > 0 || $file =='./functions/event.js'){ include($file); $buffer = ob_get_contents(); ob_end_clean(); return $buffer; + }else{ + die('breakin attempt'); + } } function replace_tags($tags = array()) { |