From e238cacd1f10294d225ce21d9ebe2ce047836cb6 Mon Sep 17 00:00:00 2001
From: brettp
Date: Tue, 4 Aug 2009 17:46:28 +0000
Subject: Fixed a security issues when simple cache is off.
git-svn-id: https://code.elgg.org/elgg/trunk@3420 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/elgglib.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 067eaec71..d04efff99 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -172,6 +172,11 @@
 global $CONFIG;
 static $usercache;
+
+ // basic checking for bad paths
+ if (strpos($view, '..') !== false) {
+ return false;
+ }
 $view_orig = $view;
@@ -2306,4 +2311,4 @@
 register_elgg_event_handler('init','system','elgg_init');
 register_elgg_event_handler('boot','system','elgg_boot',1000);
-?>
\ No newline at end of file
+?>
--
cgit v1.2.3
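Review bot: The guard added in the first hunk is a denylist of the single sequence `..`, so a `$view` that is not a string, or that carries a NUL byte, a leading `/` or any other character a legitimate view name never contains, still passes; the enclosing function starts and ends outside the hunk, so how `$view` reaches an include path is inferred from the comment rather than visible. An allowlist is the tighter form of the same check, e.g. `if (!is_string($view) || strpos($view, '..') !== false || !preg_match('#^[A-Za-z0-9_./-]+$#', $view)) { return false; }`, with the character class adjusted to the view names this codebase really uses. The rejection is also silent: an `error_log()` call recording the refused name before `return false;` would give operators a signal that view paths are being probed. The comment `// basic checking for bad paths` would be more useful if it said which request input can reach `$view` when simple cache is off, since that is the condition the commit subject names.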