chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r21122] Fixed vulnerable get parameter: doc_url - partial FS#4261

Browse Source
skala
Cristian Fasanando 17 years ago
parent a44d43cda4
commit f1fee29893
1 changed files with 2 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      main/exercice/Hpdownload.php

4
main/exercice/Hpdownload.php
Unescape View File

@ -22,7 +22,7 @@
* This script shows the list of exercises for administrators and students.
* @package dokeos.exercise
* @author Istvan Mandak
* @version $Id: Hpdownload.php 20555 2009-05-12 14:01:40Z juliomontoya $
* @version $Id: Hpdownload.php 21122 2009-05-31 00:10:22Z cfasanando $
*/
@ -35,7 +35,7 @@ include(api_get_path(LIBRARY_PATH)."events.lib.inc.php");
$tbl_document = Database::get_course_table(TABLE_DOCUMENT);
$doc_url=str_replace(array('../','\\..','\\0'),array('','',''),urldecode($_GET['doc_url']));
$doc_url=str_replace(array('../','\\..','\\0','..\\'),array('','','',''),urldecode($_GET['doc_url']));
$filename=basename($doc_url);
// launch event

Write Preview
Loading…
Cancel
Save