|
|
@ -14,6 +14,8 @@ $this_section = SECTION_COURSES; |
|
|
|
// Protection |
|
|
|
// Protection |
|
|
|
api_protect_course_script(); |
|
|
|
api_protect_course_script(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$_course = api_get_course_info(); |
|
|
|
|
|
|
|
|
|
|
|
if (!isset($_course)) { |
|
|
|
if (!isset($_course)) { |
|
|
|
api_not_allowed(true); |
|
|
|
api_not_allowed(true); |
|
|
|
} |
|
|
|
} |
|
|
@ -26,7 +28,7 @@ $doc_url = str_replace(' ', '+', $doc_url); |
|
|
|
|
|
|
|
|
|
|
|
$doc_url = str_replace(array('../', '\\..', '\\0', '..\\'), array('', '', '', ''), $doc_url); //echo $doc_url; |
|
|
|
$doc_url = str_replace(array('../', '\\..', '\\0', '..\\'), array('', '', '', ''), $doc_url); //echo $doc_url; |
|
|
|
|
|
|
|
|
|
|
|
if (strpos($doc_url, '../') OR strpos($doc_url, '/..')) { |
|
|
|
if (strpos($doc_url, '../') || strpos($doc_url, '/..')) { |
|
|
|
$doc_url = ''; |
|
|
|
$doc_url = ''; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
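Review bot: The traversal check in the second hunk, `strpos($doc_url, '../') || strpos($doc_url, '/..')`, still treats a match at offset 0 as "not found", because strpos() returns 0 there and 0 is falsy; replacing `OR` with `||` does not change that. The str_replace() on the line before it is a single pass, so overlapping input can leave a `../` in the result, and this check is then the only guard left. Compare against false explicitly: `if (strpos($doc_url, '../') !== false || strpos($doc_url, '/..') !== false) {`. The code that turns $doc_url into a file path is outside this hunk; if it does so directly, resolving the path with realpath() and confirming it stays under the course document directory would be a sturdier control than string filtering.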