Browse Source

! Use the right variable when doing directory-traversal exploit prevention

Signed-off-by: Peter Spicer <[email protected]>
Peter Spicer 10 years ago
parent
commit
f0afe3cc48
1 changed files with 1 additions and 1 deletions
  1. 1 1
      Sources/Themes.php

+ 1 - 1
Sources/Themes.php

@@ -1687,7 +1687,7 @@ function EditTheme()
 				$_GET['directory'] = preg_replace(array('~^[\./\\:\0\n\r]+~', '~[\\\\]~', '~/[\./]+~'), array('', '/', '/'), $_GET['directory']);
 
 				$temp = realpath($currentTheme['theme_dir'] . '/' . $_GET['directory']);
-				if (empty($temp) || substr($temp, 0, strlen(realpath($theme_dir))) != realpath($theme_dir))
+				if (empty($temp) || substr($temp, 0, strlen(realpath($currentTheme['theme_dir']))) != realpath($currentTheme['theme_dir']))
 					$_GET['directory'] = '';
 			}
 		}