Changeset 4226
- Timestamp:
- 09/25/2006 01:48:48 AM (18 years ago)
- File:
-
- 1 edited
branches/2.0/wp-content/plugins/wp-db-backup.php
r4051 r4226 70 70 71 71 $this->backup_file = $_GET['backup']; 72 72 $this->validate_file($this->backup_file); 73 73 74 switch($via) { 74 75 case 'smtp': … … 96 97 if (isset($_GET['fragment'] )) { 97 98 list($table, $segment, $filename) = explode(':', $_GET['fragment']); 99 $this->validate_file($filename); 98 100 $this->backup_fragment($table, $segment, $filename); 99 101 } … … 882 884 return; 883 885 } // wp_cron_db_backup 886 887 function validate_file($file) { 888 if (false !== strpos($file, '..')) 889 die(__("Cheatin' uh ?")); 890 891 if (false !== strpos($file, './')) 892 die(__("Cheatin' uh ?")); 893 894 if (':' == substr($file, 1, 1)) 895 die(__("Cheatin' uh ?")); 896 } 897 884 898 } 885 899
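Review bot: `validate_file()` is a denylist, and the three patterns it rejects (`..`, `./`, a colon in the second position) still accept a value that begins with `/` or `\`, or that contains a directory separator with no dot in front of it. Whether that matters depends on how `$this->backup_file` and `$filename` are joined to the backup directory, which is outside these hunks, but both values come straight from `$_GET`, so an allowlist is the safer shape: `if ($file !== basename($file)) die(__("Cheatin' uh ?"));`, optionally followed by a match against the filename pattern the plugin itself generates. In the fragment hunk only `$filename` is checked; `$table` and `$segment` come from the same request parameter and reach `backup_fragment()` unvalidated, and a `fragment` value with fewer than three `:`-separated parts leaves `$filename` empty, which passes every check here. A short docblock on `validate_file()` stating that it terminates the request instead of returning a result would also make the contract clear to callers.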