Timestamp:
2013/06/28 15:30:55 (11 years ago)
Author:
shutta
Message:

#2266 (resize_imageの入力チェックの見直し)
r22863(脆弱性対応)を2_13-devにもコミット。

File:
1 edited

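--- a/branches/version-2_13-dev/data/class/pages/LC_Page_ResizeImage.php
+++ b/branches/version-2_13-dev/data/class/pages/LC_Page_ResizeImage.php
@@ -107,8 +107,6 @@
     function lfCheckFileName()
     {
-        //$pattern = '|^[0-9]+_[0-9a-z]+\.[a-z]{3}$|';
-        $pattern = '|\./|';
         $file    = trim($_GET['image']);
-        if (preg_match_all($pattern, $file, $matches)) {
+        if (!preg_match("/^[[:alnum:]_\.-]+$/i", $file)) {
             return false;
         } else {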
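Review bot: The new allow-list in `lfCheckFileName()` still accepts names made only of dots or starting with one (`..`, `.htaccess`), because `.` is permitted in every position. Requiring a non-dot first character closes that, e.g. `if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/', $file)) {`; the explicit ranges also avoid any locale dependence of `[[:alnum:]]` and make the `/i` flag unnecessary. `$_GET['image']` is passed to `trim()` without an `is_string()` check, so an array-valued parameter produces a warning (a TypeError on PHP 8) rather than a clean rejection. The function continues past the end of the hunk, so whether the extension or the resolved path is validated later cannot be seen here.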