From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.
---
interface/lib/classes/searchform_actions.inc.php | 13 +++++--------
1 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/interface/lib/classes/searchform_actions.inc.php b/interface/lib/classes/searchform_actions.inc.php
index e128ce8..a451f4a 100644
--- a/interface/lib/classes/searchform_actions.inc.php
+++ b/interface/lib/classes/searchform_actions.inc.php
@@ -1,7 +1,7 @@
<?php
/*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -26,13 +26,6 @@
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/**
-* Action framework for the searchform library.
-*
-* @author Till Brehm <t.brehm@scrigo.org>
-* @copyright Copyright © 2005, Till Brehm
*/
class searchform_actions {
@@ -158,7 +151,11 @@
global $app;
// Language File setzen
+ $lng_file = ISPC_WEB_PATH.'/lang/lib/lang/'.$_SESSION['s']['language'].'_list.lng';
+ if(!file_exists($lng_file)) $lng_file = ISPC_WEB_PATH.'/lang/lib/lang/en_'.'_list.lng';
+ include($lng_file);
$lng_file = "lib/lang/".$_SESSION["s"]["language"]."_".$app->searchform->listDef['name']."_search.lng";
+ if(!file_exists($lng_file)) $lng_file = 'lib/lang/en_'.$app->searchform->listDef['name']."_search.lng";
include($lng_file);
$app->tpl->setVar($wb);
$app->tpl->setVar("form_action",$app->searchform->listDef["file"]);
--
Gitblit v1.9.1