[Maplab-dev] [Bug 1695] [Maplab] (gszAppPath) Remote File Inclusion
Vulnerability
bugzilla-daemon at bugzilla.maptools.org
bugzilla-daemon at bugzilla.maptools.org
Tue Apr 3 14:47:13 EDT 2007
http://bugzilla.maptools.org/show_bug.cgi?id=1695
------- Additional Comments From zjames at dmsolutions.ca 2007-04-03 14:47 -------
I propose to exclude url-based paths with this code:
/*
===============================================================
=============
* Re-build the phtml file, after verifying that it's a local file
*
===============================================================
========== */
if (strpos($gszAppPath, '://') !== FALSE) {
$gszAppPath = substr(__FILE__, 0, strpos(__FILE__, 'htdocs\\gmapfactory\\params.php'));
$gszAppPath = str_replace('\\', '/', $gszAppPath);
}
include_once($gszAppPath."htdocs/gmapfactory/build_phtml.php");
Comments?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Please do NOT reply to this email, use the link above instead to
login to bugzilla and submit your comment. Any email reply to this
address will be lost.
More information about the Maplab-dev
mailing list