|
@@ 1457-1460 (lines=4) @@
|
| 1454 |
|
// root controllers |
| 1455 |
|
if (false === stripos(@$_SERVER['SCRIPT_NAME'], 'modules')) { |
| 1456 |
|
// zx 2004/12/13 misc.php debug (file check) |
| 1457 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'debug' || $_POST['type'] === 'debug') && !preg_match('/^dummy_\d+\.html$/', $_GET['file'])) { |
| 1458 |
|
$this->output_log('misc debug'); |
| 1459 |
|
exit; |
| 1460 |
|
} |
| 1461 |
|
|
| 1462 |
|
// zx 2004/12/13 misc.php smilies |
| 1463 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'smilies' || $_POST['type'] === 'smilies') && !preg_match('/^[0-9a-z_]*$/i', $_GET['target'])) { |
|
@@ 1463-1466 (lines=4) @@
|
| 1460 |
|
} |
| 1461 |
|
|
| 1462 |
|
// zx 2004/12/13 misc.php smilies |
| 1463 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'smilies' || $_POST['type'] === 'smilies') && !preg_match('/^[0-9a-z_]*$/i', $_GET['target'])) { |
| 1464 |
|
$this->output_log('misc smilies'); |
| 1465 |
|
exit; |
| 1466 |
|
} |
| 1467 |
|
|
| 1468 |
|
// zx 2005/1/5 edituser.php avatarchoose |
| 1469 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -12) === 'edituser.php' && $_POST['op'] === 'avatarchoose' && false !== strpos($_POST['user_avatar'], '..')) { |
XOOPS /
XoopsCore25
