r31k/bludit
2
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Add pathFile Sanitization

Browse Source
This commit is contained in:
SamBrishes 2018-12-31 14:03:24 +01:00
parent a1f6e698f2
commit 2e30c596f4
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
bl-kernel/abstract/plugin.class.php
View File

@ -55,6 +55,8 @@ class Plugin {
// --- Metadata --- // --- Metadata ---
$this->filenameMetadata = PATH_PLUGINS.$this->directoryName().DS.'metadata.json'; $this->filenameMetadata = PATH_PLUGINS.$this->directoryName().DS.'metadata.json';
if( Sanitize::pathFile($this->filenameMetadata) ) {
$metadataString = file_get_contents($this->filenameMetadata); $metadataString = file_get_contents($this->filenameMetadata);
$this->metadata = json_decode($metadataString, true); $this->metadata = json_decode($metadataString, true);
@ -64,6 +66,7 @@ class Plugin {
$this->db = $Tmp->db; $this->db = $Tmp->db;
} }
} }
}
public function save() public function save()
{ {

3
bl-kernel/boot/rules/60.plugins.php
View File

@ -78,6 +78,9 @@ function buildPlugins()
$languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.$site->language().'.json'; $languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.$site->language().'.json';
if( !Sanitize::pathFile($languageFilename) ) { if( !Sanitize::pathFile($languageFilename) ) {
$languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.DEFAULT_LANGUAGE_FILE; $languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.DEFAULT_LANGUAGE_FILE;
if( !Sanitize::pathFile($languageFilename) ) {
continue;
}
} }
$database = file_get_contents($languageFilename); $database = file_get_contents($languageFilename);