From 1261e21eac472d9b523f2db2b2efdca93b7510f7 Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Mon, 21 Dec 2009 22:29:28 +0000
Subject: [PATCH] Bug #55665 - Restrict search for styles/../style.cfg to
 folders. Authorised by: bantu

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10360 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/docs/CHANGELOG.html         | 1 +
 phpBB/includes/acp/acp_styles.php | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 00754c5370..984123e0fd 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -121,6 +121,7 @@
 		<li>[Fix] Correctly get unread status information for global announcements in search results.</li>
 		<li>[Fix] Correctly handle global announcements in ATOM feeds.</li>
 		<li>[Fix] Use correct limit config parameter in the News feed.</li>
+		<li>[Fix] Restrict search for styles/../style.cfg to folders. (Bug #55665)</li>
 		<li>[Change] Move redirect into a hidden field to avoid issues with mod_security. (Bug #54145)</li>
 		<li>[Change] Log activation through inactive users ACP. (Bug #30145)</li>
 		<li>[Change] Send time of last item instead of current time in ATOM Feeds. (Bug #53305)</li>
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index fbf3eadcb2..faa16570c5 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -643,6 +643,10 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			while (($file = readdir($dp)) !== false)
 			{
+				if (!is_dir($file))
+				{
+					continue;
+				}
 				$subpath = ($mode != 'style') ? "$mode/" : '';
 				if ($file[0] != '.' && file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
 				{