Strip ../ in reading.

git-svn-id: https://develop.svn.wordpress.org/trunk@1020 602fd350-edb4-49c9-b593-d223f7449a82
2004-03-27 17:05:16 +00:00 · 2004-03-27 17:05:16 +00:00 · 0864452ab6
commit 0864452ab6
parent 5a37c37d10
1 changed files with 1 additions and 0 deletions
--- a/wp-admin/templates.php
+++ b/wp-admin/templates.php
@ -83,6 +83,7 @@ default:
 		$file = '.' . $file;
 	
 	$file = stripslashes($file);
+	$file = str_replace('../', '', $file);
 	$file = '../' . $file;
 	
 	if (!is_file($file))