Changeset 7287

Show
Ignore:
Timestamp:
01/06/08 00:59:52 (1 year ago)
Author:
ion
Message:

Woops, I need to commit on this tag because that security fix wil be included in 0.7.4

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • tags/0.7.4/html/include/JawsApplication.php

    r6686 r7287  
    242242    function GetTheme() 
    243243    { 
     244        // Check if valid theme name 
     245        if (strpos($this->_Theme, '..') !== false || 
     246            strpos($this->_Theme, '%') !== false || 
     247            strpos($this->_Theme, '\\') !== false || 
     248            strpos($this->_Theme, '/') !== false) { 
     249                return new JawsError(_t('GLOBAL_ERROR_INVALID_NAME', 'GetTheme'), 'Getting theme name'); 
     250        } 
    244251        return $this->_Theme; 
    245252    } 
     
    253260    function GetLanguage() 
    254261    { 
     262        // Check if valid language name 
     263        if (strpos($this->_Language, '..') !== false || 
     264            strpos($this->_Language, '%') !== false || 
     265            strpos($this->_Language, '\\') !== false || 
     266            strpos($this->_Language, '/') !== false) { 
     267                return new JawsError(_t('GLOBAL_ERROR_INVALID_NAME', 'GetLanguage'), 'Getting language name'); 
     268        } 
    255269        return $this->_Language; 
    256270    } 
     271 
    257272 
    258273    /** 

  • tags/0.7.4/html/languages/en/Global.php

    r5061 r7287  
    178178define('_EN_GLOBAL_ERROR_FILE_DOES_NOT_EXIST', "The file {0} does not exist or is not readable."); 
    179179define('_EN_GLOBAL_ERROR_FAILED_CREATING_INSTANCE', "There was a error while creating an instance from class {0} located at {1}"); 
     180define('_EN_GLOBAL_ERROR_INVALID_NAME', "Invalid name in {0}"); 
    180181 
    181182// Login error messages