source.dussan.org Git - nextcloud-server.git/commit

]> source.dussan.org Git - nextcloud-server.git/commit

projects / nextcloud-server.git / commit

author	Lukas Reschke <lukas@statuscode.ch>
	Wed, 19 Feb 2014 14:38:00 +0000 (15:38 +0100)
committer	Lukas Reschke <lukas@statuscode.ch>
	Wed, 19 Feb 2014 14:38:00 +0000 (15:38 +0100)
commit	2d5b3899a68adb496d6e20e93352395ba7b5dd2e
tree	0ce35223cdbd079b8197fb9d50fd1f6fe81261af	tree \| snapshot
parent	952584e9c782d196eb2bcd6df1e3ecdf21adcb55	commit \| diff

Hardening: Remove dangerous characters + Subdirectory Check

If an user is able to create folders in /core/l10n/ he is able to execute arbitrary code. Therefore I've added an `issubdirectory` check and removed all potential dangerous characters from `$lang`.

lib/private/l10n.php

diff | blob | history

Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

RSS Atom