makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/9801] Allow display of page outside board directory on viewonline

Browse source 
Until now, the preg_match didn't take into account that a page might be
outside the board directory. After this change, the regular expression will
allow preceding dots and slashes. Paths like ../../test.php will be allowed.
The page will be unknown in viewonline.php and it will revert to index.php as
current page. However, the core.viewonline_overwrite_location event will
receive proper info of the page the user is on right now allowing a listener
to change the info that is being displayed.

PHPBB3-9801
This commit is contained in:
Marc Alexander 2014-06-11 23:34:51 +02:00
parent 694f8391c9
commit 204904441a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/viewonline.php
View file

@ -213,7 +213,7 @@ while ($row = $db->sql_fetchrow($result))
continue; continue;
} }
preg_match('#^([a-z0-9/_-]+)#i', $row['session_page'], $on_page); preg_match('#^([./\\]*+[a-z0-9/_-]+)#i', $row['session_page'], $on_page);
if (!sizeof($on_page)) if (!sizeof($on_page))
{ {
$on_page[1] = ''; $on_page[1] = '';