Changeset 7921

Timestamp:

05/12/2008 11:51:54 PM (17 years ago)

Author:

ryan

Message:

Add some page template validation

Location:

trunk

Files:

• wp-admin/includes/file.php (modified) (1 diff)
• wp-includes/functions.php (modified) (1 diff)
• wp-includes/theme.php (modified) (1 diff)

trunk/wp-admin/includes/file.php

@@ -67 +67 @@
     touch($filename);
     return $filename;
-}
-
-function validate_file( $file, $allowed_files = '' ) {
-    if ( false !== strpos( $file, '..' ))
-        return 1;
-
-    if ( false !== strpos( $file, './' ))
-        return 1;
-
-    if (':' == substr( $file, 1, 1 ))
-        return 2;
-
-    if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
-        return 3;
-
-    return 0;
 }
 

trunk/wp-includes/functions.php

@@ -1750 +1750 @@
 }
 
+function validate_file( $file, $allowed_files = '' ) {
+    if ( false !== strpos( $file, '..' ))
+        return 1;
+
+    if ( false !== strpos( $file, './' ))
+        return 1;
+
+    if (':' == substr( $file, 1, 1 ))
+        return 2;
+
+    if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
+        return 3;
+
+    return 0;
+}
+
 ?>

trunk/wp-includes/theme.php

@@ -420 +420 @@
         $template = '';
 
-    if ( !empty($template) && file_exists(TEMPLATEPATH . "/$template") )
+    if ( !empty($template) && !validate_file($template) && file_exists(TEMPLATEPATH . "/$template") )
         $template = TEMPLATEPATH . "/$template";
     elseif ( file_exists(TEMPLATEPATH . "/page.php") )