- Timestamp:
- Mar 10, 2012, 10:34:48 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/admin/site_update.php
r13488 r13527 209 209 { 210 210 $dir = basename($fulldir); 211 if (preg_match( '/^[a-zA-Z0-9-_.]+$/', $dir))211 if (preg_match($conf['sync_chars_regex'], $dir)) 212 212 { 213 213 $insert = array( … … 375 375 } 376 376 $filename = basename($path); 377 if (!preg_match( '/^[a-zA-Z0-9-_.]+$/', $filename))377 if (!preg_match($conf['sync_chars_regex'], $filename)) 378 378 { 379 379 array_push( -
trunk/i.php
r13444 r13527 195 195 196 196 $req = ltrim($req, '/'); 197 !preg_match('#[^a-zA-Z0-9/_.-]#', $req) or ierror('Invalid chars in request', 400); 198 197 198 foreach (preg_split('#/+#', $req) as $token) 199 { 200 preg_match($conf['sync_chars_regex'], $token) or ierror('Invalid chars in request', 400); 201 } 202 199 203 $page['derivative_path'] = PHPWG_ROOT_PATH.PWG_DERIVATIVE_DIR.$req; 200 204 -
trunk/include/config_default.inc.php
r13115 r13527 747 747 $conf['enable_synchronization'] = true; 748 748 749 // permitted characters for files/directoris during synchronization 750 $conf['sync_chars_regex'] = '/^[a-zA-Z0-9-_.]+$/'; 751 749 752 // PEM url 750 753 $conf['alternative_pem_url'] = '';
Note: See TracChangeset
for help on using the changeset viewer.