-rw-r--r--engine/lib/elgglib.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 067eaec71..d04efff99 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -172,6 +172,11 @@
global $CONFIG;
static $usercache;
+
+ // basic checking for bad paths
+ if (strpos($view, '..') !== false) {
+ return false;
+ }
$view_orig = $view;
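Review bot: The added guard on `$view` is a denylist for a single pattern, so it rejects `..` but still accepts every other character that has no business in a view name (a NUL byte, a leading `/`, a backslash). If `$view` is later joined into a filesystem path, as the "bad paths" comment suggests, an allowlist is the safer check: `if (!preg_match('#^[A-Za-z0-9_./-]+$#', $view) || strpos($view, '..') !== false) { return false; }`, with the character set adjusted to the view names the project actually registers. The bare `return false` also discards the event, so logging the rejected name would make probing visible to operators, and the function's doc comment should state that `false` is now a possible return value. The function's signature and the rest of its body lie outside this hunk, so how callers handle `false` could not be checked here.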
@@ -2306,4 +2311,4 @@
register_elgg_event_handler('init','system','elgg_init');
register_elgg_event_handler('boot','system','elgg_boot',1000);
-?> \ No newline at end of file
+?>