Changeset 3267:1c79c0953db8 for inc

Timestamp:

07/12/16 08:29:10 (9 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Prevents .htaccess upload, thanks wiswat for reporting this.

Location:

inc

Files:

inc/core/class.dc.core.php

r3266	r3267
1396	1396	array('lang','string','en',
1397	1397	'Default blog language'),
1398		array('media_exclusion','string','/\.(phps?\|pht(ml)?\|phl\|s?html?\|js)[0-9]*$/i',
	1398	array('media_exclusion','string','/\.(phps?\|pht(ml)?\|phl\|s?html?\|js\|htaccess)[0-9]*$/i',
1399	1399	'File name exclusion pattern in media manager. (PCRE value)'),
1400	1400	array('media_img_m_size','integer',448,

-                      r3261
+                      r3267
                     @file_put_contents($f,'Require all denied'."\n".'Deny from all'."\n");
+               }
+               # Update flie exclusion upload regex
+               $strReq = 'UPDATE '.$core->prefix.'setting '.
+                         " SET setting_value = '/\\.(phps?|pht(ml)?|phl|s?html?|js|htaccess)[0-9]*\$/i' ".
+                         " WHERE setting_id = 'media_exclusion' ".
+                         " AND setting_ns = 'system' ".
+                         " AND (setting_value = '/\\.php[0-9]*\$/i' ".
+                         "   OR setting_value = '/\\.php\$/i') ".
+                         "    OR setting_value = '/\\.(phps?|pht(ml)?|phl)[0-9]*\$/i' ".
+                         "    OR setting_value = '/\\.(phps?|pht(ml)?|phl|s?html?|js)[0-9]*\$/i'";
+               $core->con->execute($strReq);
+          }

Note: See TracChangeset for help on using the changeset viewer.