Revision bdbd8534
Added by Jim Pingle about 6 years ago
src/etc/inc/auth_func.inc | ||
---|---|---|
42 | 42 |
$file = realpath( $g['www_path'] . '/' . ltrim($file, '/')); |
43 | 43 |
if (empty($file)) { |
44 | 44 |
/* File does not exist, or other path shenanigans */ |
45 |
|
|
46 |
/* Some tabs are just JS anchors, detect this case. */ |
|
47 |
if ((substr($page, 0, 1) == "#") && |
|
48 |
(strpos($page, '.') === false) && |
|
49 |
(strpos($page, '/') === false) && |
|
50 |
(strpos($page, '?') === false)) { |
|
51 |
return true; |
|
52 |
} |
|
53 |
|
|
54 |
/* Tried to query a path that does not exist */ |
|
45 | 55 |
return false; |
46 | 56 |
} |
47 | 57 |
$page = str_replace($g['www_path'] . '/', '', $file); |
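Review bot: the allow branch at new lines 47-50 validates `$page` with a deny-list of three characters ('.', '/', '?') once it has confirmed a leading "#", so every other character (whitespace, quotes, '%', control bytes, a second '#') is accepted and the function returns true. An allow-list is tighter and easier to reason about, for example requiring the whole value to be "#" followed only by letters, digits, '-' and '_'. The branch also tests `$page` while the surrounding existence check is on `$file`, and the hunk does not show what `$page` holds at this point (it is reassigned from `$file` only at new line 57). A short comment stating which input `$page` carries here, and why returning true without a privilege lookup is acceptable for it, would make the special case auditable. Minor: `substr($page, 0, 1) == "#"` can use `===` to match the strict comparisons on the following lines.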
Privilege matching -- allow JS anchors. Fixes #9550
Attempts to detect a special case where a file does not actually
exist, and yet should be allowed since it is used by JavaScript.
So long as the anchor name doesn't contain any characters that might let
it evade other checks, allow it through.