mbirth/LuckyCoinkydink
Archived
1
0
Fork 0
Code Issues Pull Requests Activity

Ensure not using 'online_repository' as pluginPath

Browse Source
This commit is contained in:
Garvin Hicking
2007-06-05 11:44:34 +00:00
parent c8572b58f7
commit 494c19ce4a
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/plugin_api.inc.php
View File

@ -111,6 +111,10 @@ class serendipity_plugin_api {
// Secure Plugin path. No leading slashes, no backslashes, no "up" directories
$pluginPath = preg_replace('@^(/)@', '', $pluginPath);
$pluginPath = str_replace(array('..', "\\"), array('', '/'), serendipity_db_escape_string($pluginPath));
if ($pluginPath == 'online_repository') {
$pluginPath = $key;
}
$rs = serendipity_db_query("SELECT MAX(sort_order) as sort_order_max FROM {$serendipity['dbPrefix']}plugins WHERE placement = '$default_placement'", true, 'num');