|
@@ 1390-1393 (lines=4) @@
|
| 1387 |
|
// root controllers |
| 1388 |
|
if (false === stripos(@$_SERVER['SCRIPT_NAME'], 'modules')) { |
| 1389 |
|
// zx 2004/12/13 misc.php debug (file check) |
| 1390 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'debug' || $_POST['type'] === 'debug') && !preg_match('/^dummy_\d+\.html$/', $_GET['file'])) { |
| 1391 |
|
$this->output_log('misc debug'); |
| 1392 |
|
exit; |
| 1393 |
|
} |
| 1394 |
|
|
| 1395 |
|
// zx 2004/12/13 misc.php smilies |
| 1396 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'smilies' || $_POST['type'] === 'smilies') && !preg_match('/^[0-9a-z_]*$/i', $_GET['target'])) { |
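Review bot: The guard on line 1390 accepts `type` from either `$_GET` or `$_POST` but validates only `$_GET['file']`, so the value it checks is not necessarily the value misc.php goes on to use; the smilies guard on line 1396 has the same shape with `$_GET['target']`. Whether this matters depends on how misc.php resolves these parameters, which is not visible here. Checking every source that is present would close the gap, for example by testing both `$_GET['file'] ?? null` and `$_POST['file'] ?? null` and logging and exiting when any non-null value fails the pattern. The enclosing `if` opened on line 1388 closes outside this hunk.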
|
@@ 1396-1399 (lines=4) @@
|
| 1393 |
|
} |
| 1394 |
|
|
| 1395 |
|
// zx 2004/12/13 misc.php smilies |
| 1396 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'smilies' || $_POST['type'] === 'smilies') && !preg_match('/^[0-9a-z_]*$/i', $_GET['target'])) { |
| 1397 |
|
$this->output_log('misc smilies'); |
| 1398 |
|
exit; |
| 1399 |
|
} |
| 1400 |
|
|
| 1401 |
|
// zx 2005/1/5 edituser.php avatarchoose |
| 1402 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -12) === 'edituser.php' && $_POST['op'] === 'avatarchoose' && false !== strpos($_POST['user_avatar'], '..')) { |
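Review bot: The whitelist pattern `/^[0-9a-z_]*$/i` on line 1396 ends with a plain `$`, which in PCRE also matches just before a trailing newline, so a `target` value ending in a line feed still passes; the `/^dummy_\d+\.html$/` pattern on line 1390 is affected the same way. Adding the `D` modifier, as in `'/^[0-9a-z_]*$/iD'`, or anchoring with `\z` makes the end anchor strict. `$_GET['target']` is also read without an existence check, so on PHP 8.1 and later a missing parameter passes null to `preg_match()` and raises a deprecation; `(string) ($_GET['target'] ?? '')` keeps the current result without it. The body of the `edituser.php` check on line 1402 lies outside the hunk.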