From 46c9454ec6fa7e48be65ef35ff96045ee30d5857 Mon Sep 17 00:00:00 2001
From: Jim Hu <jimhu@users.sourceforge.net>
Date: Wed, 15 Feb 2006 08:32:05 +0000
Subject: fix path bug introduced by security patch in 2.21 release

---
 functions/template.php | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'functions/template.php')

diff --git a/functions/template.php b/functions/template.php
index 8f477c9..8b4eb17 100644
--- a/functions/template.php
+++ b/functions/template.php
@@ -1036,12 +1036,11 @@ class Page {
 	function parse($file) {
 		global $template;
 		ob_start();
-		$file = str_replace("..","",$file);
-			if (strpos($file, "$template") > 0 || $file =='./functions/event.js'){
-		include($file);
-		$buffer = ob_get_contents();
-		ob_end_clean();
-		return $buffer;
+		if (strpos($file, "$template") > 0 || $file =='./functions/event.js'){
+			include($file);
+			$buffer = ob_get_contents();
+			ob_end_clean();
+			return $buffer;
 		}else{
 			die('breakin attempt');
 		}
-- 
cgit v1.2.3