From 9a9b156a8ed5a8c0ad71d51c10ae7a32b24359f4 Mon Sep 17 00:00:00 2001
From: rxu
Date: Mon, 7 Mar 2011 21:22:33 +0700
Subject: [PATCH] [ticket/10035] ACP template edit feature allows to read any files on webserver.

... and to upload/execute any script on it. Use preg_replace to filter filename

PHPBB3-10035
---
 phpBB/includes/acp/acp_styles.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 0f157ceff3..37cf8d1f72 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -716,7 +716,7 @@ parse_css_file = {PARSE_CSS_FILE}
 $save_changes = (isset($_POST['save'])) ? true : false;
 
 // make sure template_file path doesn't go upwards
-$template_file = str_replace('..', '.', $template_file);
+$template_file = preg_replace('#\.{2,}#', '.', $template_file);
 
 // Retrieve some information about the template
 $sql = 'SELECT template_storedb, template_path, template_name
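Review bot: The replacement on the `+` line is still a denylist: `preg_replace('#\.{2,}#', '.', $template_file)` collapses runs of dots but leaves directory separators, a leading `/` and every other character in `$template_file` untouched, so the comment's claim that the path "doesn't go upwards" only holds for `..` sequences rather than for the path as a whole. A positive check is more robust here: reject anything that is not a bare file name, e.g. `if (basename($template_file) !== $template_file) { /* refuse the request */ }`, and additionally resolve the final path with `realpath()` and require it to lie under the template directory before the file is read or written. `preg_replace()` also returns null on a PCRE error, which would then flow into the code that follows; a `preg_match()` against an allowlist pattern avoids that silent failure mode. The later use of `$template_file` in file operations, and the enclosing function, are outside this hunk.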