|
@@ 1200-1203 (lines=4) @@
|
| 1197 |
|
// root controllers |
| 1198 |
|
if (!stristr(@$_SERVER['SCRIPT_NAME'], 'modules')) { |
| 1199 |
|
// zx 2004/12/13 misc.php debug (file check) |
| 1200 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'debug' || $_POST['type'] === 'debug') && !preg_match('/^dummy_[0-9]+\.html$/', $_GET['file'])) { |
| 1201 |
|
$this->output_log('misc debug'); |
| 1202 |
|
exit; |
| 1203 |
|
} |
| 1204 |
|
|
| 1205 |
|
// zx 2004/12/13 misc.php smilies |
| 1206 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'smilies' || $_POST['type'] === 'smilies') && !preg_match('/^[0-9a-z_]*$/i', $_GET['target'])) { |
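Review bot: The debug guard on line 1200 accepts `type` from either `$_GET` or `$_POST` but validates only `$_GET['file']`, so if misc.php reads `file` from POST or a merged request array (not visible here), a request that carries the parameters in the body is never checked; the smilies guard on line 1206 has the same shape with `$_GET['target']`. The pattern should be applied to the value from every source the target script can read, rejecting the request if any set copy fails. Both patterns also end in a bare `$`, which PCRE lets match before a trailing newline, so a value ending in a line feed still passes; adding the `D` modifier closes that: `'/^dummy_[0-9]+\.html$/D'` and `'/^[0-9a-z_]*$/iD'`. The enclosing `if (!stristr(...))` opens on line 1198 and closes outside this excerpt.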
|
@@ 1206-1209 (lines=4) @@
|
| 1203 |
|
} |
| 1204 |
|
|
| 1205 |
|
// zx 2004/12/13 misc.php smilies |
| 1206 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'smilies' || $_POST['type'] === 'smilies') && !preg_match('/^[0-9a-z_]*$/i', $_GET['target'])) { |
| 1207 |
|
$this->output_log('misc smilies'); |
| 1208 |
|
exit; |
| 1209 |
|
} |
| 1210 |
|
|
| 1211 |
|
// zx 2005/1/5 edituser.php avatarchoose |
| 1212 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -12) === 'edituser.php' && $_POST['op'] === 'avatarchoose' && strstr($_POST['user_avatar'], '..')) { |
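Review bot: The request values in these conditions are read without an `isset`/`is_string` check, and this matters most for the `avatarchoose` guard on line 1212. On PHP versions before 8, `strstr()` given an array emits a warning and returns null, so the `..` test is false and the guard fails open for array-valued `user_avatar`; on PHP 8 it throws a TypeError instead. The smilies guard on line 1206 fails closed for an array `target`, but an absent `type` or `target` raises an undefined-index notice on every misc.php request, since only `$_SERVER` is `@`-suppressed. I would normalise first and reject non-strings explicitly: `$avatar = isset($_POST['user_avatar']) ? $_POST['user_avatar'] : '';` followed by `(!is_string($avatar) || strstr($avatar, '..'))`. The body of the `avatarchoose` `if` lies outside this excerpt, so what happens after the test is not visible here.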