|
@@ 1447-1450 (lines=4) @@
|
| 1444 |
|
// root controllers |
| 1445 |
|
if (false === stripos(@$_SERVER['SCRIPT_NAME'], 'modules')) { |
| 1446 |
|
// zx 2004/12/13 misc.php debug (file check) |
| 1447 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'debug' || $_POST['type'] === 'debug') && !preg_match('/^dummy_\d+\.html$/', $_GET['file'])) { |
| 1448 |
|
$this->output_log('misc debug'); |
| 1449 |
|
exit; |
| 1450 |
|
} |
| 1451 |
|
|
| 1452 |
|
// zx 2004/12/13 misc.php smilies |
| 1453 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'smilies' || $_POST['type'] === 'smilies') && !preg_match('/^[0-9a-z_]*$/i', $_GET['target'])) { |
|
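Review bot: The filename allow-list in the debug check on line 1447, `/^dummy_\d+\.html$/`, is anchored with `$`, which in PCRE also matches just before a trailing newline, so a `file` value of the expected form followed by a newline is not rejected by this guard. Anchoring on the true end of the string closes that, e.g. `'/\Adummy_\d+\.html\z/'` (or add the `D` modifier). The same applies to the `target` pattern in the smilies check on line 1453, where `'/^[0-9a-z_]*$/i'` would become `'/\A[0-9a-z_]*\z/i'`. The condition also reads `$_GET['type']`, `$_POST['type']` and `$_GET['file']` without checking that they are set and are strings; on PHP 8 an array-valued `file` makes `preg_match()` throw a TypeError before `output_log()` runs, so an `is_string()` test ahead of the match would keep the rejection logged. The enclosing `if` block and method start and end outside the lines shown here.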
@@ 1453-1456 (lines=4) @@
|
| 1450 |
|
} |
| 1451 |
|
|
| 1452 |
|
// zx 2004/12/13 misc.php smilies |
| 1453 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -8) === 'misc.php' && ($_GET['type'] === 'smilies' || $_POST['type'] === 'smilies') && !preg_match('/^[0-9a-z_]*$/i', $_GET['target'])) { |
| 1454 |
|
$this->output_log('misc smilies'); |
| 1455 |
|
exit; |
| 1456 |
|
} |
| 1457 |
|
|
| 1458 |
|
// zx 2005/1/5 edituser.php avatarchoose |
| 1459 |
|
if (substr(@$_SERVER['SCRIPT_NAME'], -12) === 'edituser.php' && $_POST['op'] === 'avatarchoose' && false !== strpos($_POST['user_avatar'], '..')) { |