added some security checks

seek3r 2001-11-12 21:24:52 +00:00
parent 98c8c37409
commit a52845ec21


@ -14,14 +14,23 @@
$types = array('abstract','param','example','syntax','result','description','discussion','author','copyright','package','access'); $types = array('abstract','param','example','syntax','result','description','discussion','author','copyright','package','access');
if(!$app) if($app)
{
if (!preg_match("/^[a-zA-Z0-9-_]+$/i",$app))
{
echo 'Invalid application<br>';
exit;
}
}
else
{ {
$app = 'phpgwapi'; $app = 'phpgwapi';
} }
if ($fn) if ($fn)
{ {
if (preg_match("/^class\.[a-zA-Z0-9]\.inc\.php+$/i",$fn)){ if (preg_match("/^class\.([a-zA-Z0-9-_]*)\.inc\.php+$/",$fn))
{
$files[] = $fn; $files[] = $fn;
} }
else else
@ -46,11 +55,9 @@
while(list($key, $value) = each($files)) while(list($key, $value) = each($files))
{ {
//echo '$key = '.$key.' and $value = '.$value.'<br>'; if (!preg_match("/^class\.([a-zA-Z0-9-_]*)\.inc\.php+$/",$value))
if (!preg_match("/^class\.(.*)\.inc\.php+$/",$value))
{ {
unset($files[$key]); unset($files[$key]);
//echo '#'.$key.' is bad, and should be unset<br>';
} }
} }
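Review bot: The new allow-list patterns for `$app`, `$fn` and (in the second hunk) `$value` end in `$` without the `D` modifier, so a value with a trailing newline still passes; `php+` also accepts `phpp`, `phppp` and so on, and `*` accepts an empty class name (`class..inc.php`). Anchoring with `\z` and tightening the quantifiers closes those gaps: `preg_match('/^[a-zA-Z0-9_-]+\z/', $app)` and `preg_match('/^class\.[a-zA-Z0-9_-]+\.inc\.php\z/', $fn)`, with the same pattern for `$value` in the `while` loop. Moving the hyphen to the end of the character class removes any doubt about `9-_` being read as a range, and the `/i` flag on the `$app` check is redundant. Where `$app` and `$fn` come from and how they are later joined into a path lies outside these hunks, so the practical impact is inferred; the `else` branch after the `$fn` check also continues past the first hunk.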