Make WordPress Core


Timestamp:
06/27/2011 03:56:42 PM (14 years ago)
Author:
ryan
Message:

Hardening. Sanitizers for WPLANG and new_admin_email. Prevent stomping ID and filter. Validate locale filename. Props westi.

File:
1 edited

  • trunk/wp-settings.php

    r18263 r18346  
    259259$locale = get_locale();
    260260$locale_file = WP_LANG_DIR . "/$locale.php";
    261 if ( is_readable( $locale_file ) )
     261if ( ( 0 === validate_file( $locale ) ) && is_readable( $locale_file ) )
    262262    require( $locale_file );
    263263unset($locale_file);
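
Review bot: The added `if` line skips the include silently whenever `validate_file( $locale )` returns non-zero, and nothing in the hunk says why the check is there. Because `$locale` is interpolated into the path handed to `require()`, a one-line comment stating that the check keeps the locale value from changing which file under `WP_LANG_DIR` gets loaded would help later readers, and it is worth deciding whether a rejected locale should be reported instead of dropped without a trace. The check could also move above the `$locale_file` assignment so the path is only built from a value that has already passed validation. Minor style point: the inner parentheses around `0 === validate_file( $locale )` are not needed.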