Fixed a security issues when simple cache is off.

git-svn-id: https://code.elgg.org/elgg/trunk@3420 36083f99-b078-4883-b0ff-0f9b5a30f544
author: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-08-04 17:46:28 +0000
committer: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-08-04 17:46:28 +0000
commit: e238cacd1f10294d225ce21d9ebe2ce047836cb6 (patch)
tree: 5ddf31f266329aca85e3da6bf6cb121bb78ed7a0 /engine
parent: dfef09f940fd9f904bf1606ed3d8f2bef0fde011 (diff)
download: elgg-e238cacd1f10294d225ce21d9ebe2ce047836cb6.tar.gz
elgg-e238cacd1f10294d225ce21d9ebe2ce047836cb6.tar.bz2
1 files changed, 6 insertions, 1 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 067eaec71..d04efff99 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -172,6 +172,11 @@
 
 		    global $CONFIG;
 		    static $usercache;
+
+		    // basic checking for bad paths
+		    if (strpos($view, '..') !== false) {
+		        return false;
+                    }
 		    
 		    $view_orig = $view;
 		    
@@ -2306,4 +2311,4 @@
 	register_elgg_event_handler('init','system','elgg_init');
 	register_elgg_event_handler('boot','system','elgg_boot',1000);
 	
-?>
-\ No newline at end of file
+?>
author	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-08-04 17:46:28 +0000
committer	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-08-04 17:46:28 +0000
commit	e238cacd1f10294d225ce21d9ebe2ce047836cb6 (patch)
tree	5ddf31f266329aca85e3da6bf6cb121bb78ed7a0 /engine
parent	dfef09f940fd9f904bf1606ed3d8f2bef0fde011 (diff)
download	elgg-e238cacd1f10294d225ce21d9ebe2ce047836cb6.tar.gz elgg-e238cacd1f10294d225ce21d9ebe2ce047836cb6.tar.bz2