Check filename before including for security reasons

Tobias Reich 2014-10-09 18:37:03 +02:00
parent 448dff2c77
commit fc4aebae98


@ -10,6 +10,9 @@ if (!defined('LYCHEE')) exit('Error: Direct access is not allowed!');
function lycheeAutoloaderModules($class_name) {
$modules = array('Album', 'Database', 'Import', 'Log', 'Module', 'Photo', 'Plugins', 'Session', 'Settings');
if (!in_array($class_name, $modules)) return false;
$file = LYCHEE . 'php/modules/' . $class_name . '.php';
if (file_exists($file)!==false) require $file;
@ -17,6 +20,9 @@ function lycheeAutoloaderModules($class_name) {
function lycheeAutoloaderAccess($class_name) {
$access = array('Access', 'Admin', 'Guest', 'Installation');
if (!in_array($class_name, $access)) return false;
$file = LYCHEE . 'php/access/' . $class_name . '.php';
if (file_exists($file)!==false) require $file;
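Review bot: The allowlist check in `lycheeAutoloaderModules` uses `in_array` without the strict flag, so the value that later becomes part of the `require` path is compared loosely. The autoloader normally receives a string, which keeps the practical risk low, but a security gate should not depend on PHP's type juggling: use `if (!in_array($class_name, $modules, true)) return false;`, and likewise `in_array($class_name, $access, true)` in `lycheeAutoloaderAccess`. A short comment above each list, such as `// Allowlist: $class_name is concatenated into a require path, so only known names may pass`, would record why the list must be kept in sync with the directory contents. Both function bodies continue past the visible lines of the hunks.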