diff --git a/phpBB/admin/admin_db_utilities.php b/phpBB/admin/admin_db_utilities.php
index 44f5188568..3f364972e6 100644
--- a/phpBB/admin/admin_db_utilities.php
+++ b/phpBB/admin/admin_db_utilities.php
@@ -903,7 +903,7 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
 // a hackers attempt at getting us to process a local system
 // file.
 //
- if( file_exists($backup_file_tmpname) )
+ if( file_exists(realpath($backup_file_tmpname)) )
 {
 if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) )
 {
diff --git a/phpBB/admin/admin_smilies.php b/phpBB/admin/admin_smilies.php
index dc19470c2c..be8b9bfd3b 100644
--- a/phpBB/admin/admin_smilies.php
+++ b/phpBB/admin/admin_smilies.php
@@ -72,7 +72,7 @@ $dir = @opendir($phpbb_root_path . $board_config['smilies_path']);
 while($file = @readdir($dir))
 {
- if( !@is_dir($phpbb_root_path . $board_config['smilies_path'] . '/' . $file) )
+ if( !@is_dir(realpath($phpbb_root_path . $board_config['smilies_path'] . '/' . $file)) )
 {
 $img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file);
diff --git a/phpBB/admin/admin_styles.php b/phpBB/admin/admin_styles.php
index a7d636b6b8..90cfc04fc0 100644
--- a/phpBB/admin/admin_styles.php
+++ b/phpBB/admin/admin_styles.php
@@ -134,7 +134,7 @@ switch( $mode )
 {
 while( $sub_dir = @readdir($dir) )
 {
- if( !is_file($phpbb_root_path . 'templates/' .$sub_dir) && !is_link($phpbb_root_path . 'templates/' .$sub_dir) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
+ if( !is_file(realpath($phpbb_root_path . 'templates/' .$sub_dir)) && !is_link(realpath($phpbb_root_path . 'templates/' .$sub_dir)) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
 {
 if( @file_exists(@realpath($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg")) )
 {
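Review bot: `realpath()` only canonicalises a path, so the new `file_exists(realpath($backup_file_tmpname))` still returns true for any existing local file and does not deliver what the comment directly above it describes. If `$backup_file_tmpname` is the upload's `tmp_name` (its origin is not visible in the hunk), the check PHP provides for exactly this case is `if( is_uploaded_file($backup_file_tmpname) )`, which only accepts a file created by the current request's upload handling. When the path does not exist `realpath()` returns `false`, which `file_exists()` treats as an empty path, so the outcome is the same as before the change but the intermediate value deserves a comment. The enclosing `if` block continues outside the hunk.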
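Review bot: `is_dir()` already follows symlinks, so wrapping its argument in `realpath()` in the changed line does not change which entries of the smilies directory are treated as directories; the only new behaviour is that an entry `realpath()` cannot resolve becomes `false` and is then handed to `getimagesize()` as before. If the intent is to keep the listing inside the configured directory, the resolved entry has to be compared as a prefix with `realpath($phpbb_root_path . $board_config['smilies_path'])`, and skipped when `realpath()` returns `false`. The `while` loop continues outside the hunk.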
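Review bot: `is_link(realpath(...))` in the changed line is always false, because `realpath()` resolves symlinks before `is_link()` sees the path; the `!is_link(...)` term that previously excluded symlinked template entries is now dead, so such entries are accepted. `is_file()` already follows symlinks, so the first term gained nothing from the wrapper either. Keep the original test on the unresolved path, `!is_file($phpbb_root_path . 'templates/' .$sub_dir) && !is_link($phpbb_root_path . 'templates/' .$sub_dir)`, or resolve once into a variable and apply `is_link()` only to the unresolved name. The same regression appears in admin_styles.php @@ -551, admin_users.php @@ -828, develop/encoding_emails.php @@ -34 and develop/revar_lang_files.php @@ -36. The `while` loop continues outside the hunk.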
@@ -551,7 +551,7 @@ switch( $mode )
 $s_template_select = '';
 while( $file = @readdir($dir) )
 {
- if( !is_file($phpbb_root_path . 'templates/' . $file) && !is_link($phpbb_root_path . 'templates/' .$file) && $file != "." && $file != ".." && $file != "CVS" )
+ if( !is_file(realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(realpath($phpbb_root_path . 'templates/' .$file)) && $file != "." && $file != ".." && $file != "CVS" )
 {
 $s_template_select .= '\n";
 }
diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php
index 79edfe240f..b2a1da8d30 100644
--- a/phpBB/admin/admin_users.php
+++ b/phpBB/admin/admin_users.php
@@ -828,7 +828,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
 $avatar_images = array();
 while( $file = @readdir($dir) )
 {
- if( $file != "." && $file != ".." && !is_file("./../" . $board_config['avatar_gallery_path'] . "/" . $file) && !is_link("./../" . $board_config['avatar_gallery_path'] . "/" . $file) )
+ if( $file != "." && $file != ".." && !is_file(realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) && !is_link(realpath("./../" . $board_config['avatar_gallery_path'] . "/" . $file)) )
 {
 $sub_dir = @opendir("../" . $board_config['avatar_gallery_path'] . "/" . $file);
diff --git a/phpBB/develop/encoding_emails.php b/phpBB/develop/encoding_emails.php
index 7c1a109692..b55d7b7ac0 100644
--- a/phpBB/develop/encoding_emails.php
+++ b/phpBB/develop/encoding_emails.php
@@ -34,7 +34,7 @@ $dir = opendir($dirname);
 while ( $file = readdir($dir) )
 {
- if ( ereg('^lang_', $file) && !is_file($dirname . '/' . $file) && !is_link($dirname . '/' . $file) )
+ if ( ereg('^lang_', $file) && !is_file(realpath($dirname . '/' . $file)) && !is_link(realpath($dirname . '/' . $file)) )
 {
 include($dirname . '/' . $file . '/lang_main.php');
@@ -42,7 +42,7 @@ while ( $file = readdir($dir) )
 while ( $email = readdir($lang_dir) )
 {
- if ( ereg('\.tpl$', $email) && is_file($dirname . '/' . $file . '/email/' . $email) )
+ if ( ereg('\.tpl$', $email) && is_file(realpath($dirname . '/' . $file . '/email/' . $email)) )
 {
 $fp = fopen($dirname . '/' . $file . '/email/' . $email, 'r+');
diff --git a/phpBB/develop/revar_lang_files.php b/phpBB/develop/revar_lang_files.php
index b5fbc5631b..9886baa09b 100644
--- a/phpBB/develop/revar_lang_files.php
+++ b/phpBB/develop/revar_lang_files.php
@@ -36,7 +36,7 @@ $dir = opendir($dirname);
 while ( $file = readdir($dir) )
 {
- if ( ereg("^lang_", $file) && !is_file($dirname . "/" . $file) && !is_link($dirname . "/" . $file) )
+ if ( ereg("^lang_", $file) && !is_file(realpath($dirname . "/" . $file)) && !is_link(realpath($dirname . "/" . $file)) )
 {
 foreach($vars as $lang_file => $lang_var)
 {
diff --git a/phpBB/includes/emailer.php b/phpBB/includes/emailer.php
index 8e00d6df65..13c82c5a29 100755
--- a/phpBB/includes/emailer.php
+++ b/phpBB/includes/emailer.php
@@ -90,7 +90,7 @@ class emailer
 $this->tpl_file = @realpath($phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl');
- if ( !file_exists($this->tpl_file) )
+ if ( !file_exists(realpath($this->tpl_file)) )
 {
 message_die(GENERAL_ERROR, 'Could not find email template file ' . $template_file, '', __LINE__, __FILE__);
 }
@@ -307,7 +307,7 @@ class emailer
 //
 function encode_file($sourcefile)
 {
- if (is_readable($sourcefile))
+ if (is_readable(realpath($sourcefile)))
 {
 $fd = fopen($sourcefile, "r");
 $contents = fread($fd, filesize($sourcefile));
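Review bot: The changed line in the @@ -90 hunk defeats the missing-template check it belongs to. `$this->tpl_file` is already the result of `@realpath()` on the line above, so it is either a resolved path or `false`; `realpath(false)` is handled as `realpath('')`, which resolves to the current working directory instead of failing, so `file_exists()` succeeds precisely when the template was not found and `message_die()` is never reached. Drop the second `realpath()` and test the resolution result instead: `if ( $this->tpl_file === false || !file_exists($this->tpl_file) )`. The enclosing method continues outside the hunk.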
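Review bot: In the @@ -307 hunk the checked path and the opened path now differ: `is_readable()` is evaluated on `realpath($sourcefile)` while `fopen()` and `filesize()` on the following lines still use `$sourcefile`, and since `is_readable()` already follows symlinks the wrapper does not change the check. Resolve once and use the result for the check and the read, handling the `false` case explicitly: `$path = realpath($sourcefile);` followed by `if ( $path !== false && is_readable($path) )`, then pass `$path` to `fopen()` and `filesize()`. `encode_file()` continues outside the hunk.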