Revision f8560a14
Added by Jim Pingle over 6 years ago
| src/etc/inc/auth_func.inc | ||
|---|---|---|
| 42 | 42 |
$file = realpath( $g['www_path'] . '/' . ltrim($file, '/')); |
| 43 | 43 |
if (empty($file)) {
|
| 44 | 44 |
/* File does not exist, or other path shenanigans */ |
| 45 |
|
|
| 46 |
/* Some tabs are just JS anchors, detect this case. */ |
|
| 47 |
if ((substr($page, 0, 1) == "#") && |
|
| 48 |
(strpos($page, '.') === false) && |
|
| 49 |
(strpos($page, '/') === false) && |
|
| 50 |
(strpos($page, '?') === false)) {
|
|
| 51 |
return true; |
|
| 52 |
} |
|
| 53 |
|
|
| 54 |
/* Tried to query a path that does not exist */ |
|
| 45 | 55 |
return false; |
| 46 | 56 |
} |
| 47 | 57 |
$page = str_replace($g['www_path'] . '/', '', $file); |
Also available in: Unified diff
Privilege matching -- allow JS anchors. Fixes #9550
Attempts to detect a special case where a file does not actually
exist, and yet should be allowed since it is used by JavaScript.
So long as the anchor name doesn't contain any characters that might let
it evade other checks, allow it through.
(cherry picked from commit bdbd8534eef5b93370065340de225a1cd5e5faa8)