PsychoticNinja/Stikked
1
0
Fork 0
mirror of https://github.com/claudehohl/Stikked.git synced 2025-04-25 04:21:17 -05:00
Code Issues Projects Releases Wiki Activity

Update theme_assets.php

Browse Source 
Fix Local File Inclusion vulnerability.
This commit is contained in:
RamadhanAmizudin 2013-11-04 17:10:24 +08:00
parent ec4dabb04f
commit 2d1af12874
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
htdocs/application/controllers/theme_assets.php
View File

@ -23,7 +23,7 @@ class Theme_assets extends CI_Controller
function css()
{
$css_file = $this->uri->segment(4);
$css_file = basename( $css_file ); // Fix LFI Vulnerability
//file path
$file_path = 'themes/' . $this->theme . '/css/' . $css_file;
@ -33,6 +33,11 @@ class Theme_assets extends CI_Controller
{
$file_path = 'themes/default/css/' . $css_file;
}
// Double checking file
if( !file_exists( $file_path ) ) {
return false;
}
//send
header('Content-type: text/css');
@ -43,7 +48,7 @@ class Theme_assets extends CI_Controller
function images()
{
$image_file = $this->uri->segment(4);
$image_file = basename( $image_file );
//file path
$file_path = 'themes/' . $this->theme . '/images/' . $image_file;
@ -53,7 +58,11 @@ class Theme_assets extends CI_Controller
{
$file_path = 'themes/default/images/' . $image_file;
}
// double checking file
if( !file_exists( $file_path ) ) {
return false;
}
//send
$size = getimagesize($file_path);
header('Content-type: ' . $size['mime']);