aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOleg Pudeyev <oleg@bsdpower.com>2011-03-10 05:22:37 -0500
committerOleg Pudeyev <oleg@bsdpower.com>2011-03-10 05:22:37 -0500
commitaa8f4000d30a3f89cb876eb14e3b7522c68f90f0 (patch)
treed4eb9965192f4c3a2658117524308044a5c5c357
parentMerge branch 'ticket/p/10057' into develop-olympus (diff)
parent[ticket/10035] ACP template edit feature allows to read any files on webserver. (diff)
downloadphpbb-aa8f4000d30a3f89cb876eb14e3b7522c68f90f0.tar.gz
phpbb-aa8f4000d30a3f89cb876eb14e3b7522c68f90f0.tar.bz2
phpbb-aa8f4000d30a3f89cb876eb14e3b7522c68f90f0.zip
Merge branch 'ticket/rxu/10035' into develop-olympus
* ticket/rxu/10035: [ticket/10035] ACP template edit feature allows to read any files on webserver.
-rw-r--r--phpBB/includes/acp/acp_styles.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 0f157ceff3..37cf8d1f72 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -716,7 +716,7 @@ parse_css_file = {PARSE_CSS_FILE}
$save_changes = (isset($_POST['save'])) ? true : false;
// make sure template_file path doesn't go upwards
- $template_file = str_replace('..', '.', $template_file);
+ $template_file = preg_replace('#\.{2,}#', '.', $template_file);
// Retrieve some information about the template
$sql = 'SELECT template_storedb, template_path, template_name