summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-07-23 18:15:39 +0200
committerAndrey Andreev <narf@devilix.net>2015-07-23 18:15:39 +0200
commitab494d564262f9ad30dc2f57a78b8aceee5e657d (patch)
tree346e5c324aad4896eedc34d445d56060a5ed5995
parent56d346794306cc286288e82532f1e589f559ea91 (diff)
parent08c1a111916a1740e7c33f11ed7097832e1b97df (diff)
Merge pull request #3995 from rajatsharma94/develop
set_realpath IP check
-rw-r--r--system/helpers/path_helper.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/system/helpers/path_helper.php b/system/helpers/path_helper.php
index c23ec6435..c96d0b8b3 100644
--- a/system/helpers/path_helper.php
+++ b/system/helpers/path_helper.php
@@ -61,7 +61,7 @@ if ( ! function_exists('set_realpath'))
function set_realpath($path, $check_existance = FALSE)
{
// Security check to make sure the path is NOT a URL. No remote file inclusion!
- if (preg_match('#^(http:\/\/|https:\/\/|www\.|ftp|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i', $path))
+ if (preg_match('#^(http:\/\/|https:\/\/|www\.|ftp)#i', $path) OR filter_var($path, FILTER_VALIDATE_IP) === $path )
{
show_error('The path you submitted must be a local server path, not a URL');
}