diff options
author | Andrey Andreev <narf@devilix.net> | 2015-07-23 18:15:39 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-07-23 18:15:39 +0200 |
commit | ab494d564262f9ad30dc2f57a78b8aceee5e657d (patch) | |
tree | 346e5c324aad4896eedc34d445d56060a5ed5995 | |
parent | 56d346794306cc286288e82532f1e589f559ea91 (diff) | |
parent | 08c1a111916a1740e7c33f11ed7097832e1b97df (diff) |
Merge pull request #3995 from rajatsharma94/develop
set_realpath IP check
-rw-r--r-- | system/helpers/path_helper.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/helpers/path_helper.php b/system/helpers/path_helper.php index c23ec6435..c96d0b8b3 100644 --- a/system/helpers/path_helper.php +++ b/system/helpers/path_helper.php @@ -61,7 +61,7 @@ if ( ! function_exists('set_realpath')) function set_realpath($path, $check_existance = FALSE) { // Security check to make sure the path is NOT a URL. No remote file inclusion! - if (preg_match('#^(http:\/\/|https:\/\/|www\.|ftp|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i', $path)) + if (preg_match('#^(http:\/\/|https:\/\/|www\.|ftp)#i', $path) OR filter_var($path, FILTER_VALIDATE_IP) === $path ) { show_error('The path you submitted must be a local server path, not a URL'); } |