From: niekt0
Date: Wed, 27 Oct 2010 00:05:44 +0000 (+0200)
Subject: LocalFileInclude security fix
X-Git-Url: http://git.harvie.cz/?a=commitdiff_plain;ds=sidebyside;h=9850bdc46997f51024a8e6d2dc183e8745eacf78;hp=fd15ea3a496d31453e21ac89ff4be0ae3fe671ef;p=mirrors%2FKyberia-bloodline.git

LocalFileInclude security fix
---
diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index ef08441..22ec5fc 100644
--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -72,9 +72,10 @@ $smarty->cache_dir = SMARTY_DIR.'cache/';
 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
 if ($_SESSION['debugging']) $smarty->debugging=true;
-//initializing variables
+// initializing variables
+// preg_replace prevents LFI
 if (empty($_POST['event'])) $event=false;
-else $event=$_POST['event'];
+else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
 if ($_SESSION['debugging']) {
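Review bot: The added `else $event= preg_replace(...)` line strips disallowed characters instead of rejecting the request, while the `empty()` test just above it still runs on the raw `$_POST['event']`, so a value made up only of stripped characters leaves `$event` as `""` rather than `false`. `preg_replace` also returns an array when its subject is one, so a non-string `event` parameter is not reduced to a safe name by this line. Validating instead of rewriting closes both gaps: `else $event = (is_string($_POST['event']) && preg_match('/^[a-zA-Z0-9_]+$/D', $_POST['event'])) ? $_POST['event'] : false;`. The code that consumes `$event` lies outside the hunk; going by the added comment it presumably builds an include path, and if the set of event files is fixed, checking the name against that list at the include site would be stronger than a character filter.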