Patched vulnerability in template.php

2026-03-07 18:39:27 -06:00 · 2020-01-10 08:07:32 +01:00
parent 932bee6152
commit 26858e5770
1 changed files with 4 additions and 3 deletions
--- a/plugins/dynamix/template.php
+++ b/plugins/dynamix/template.php
@@ -43,9 +43,10 @@ foreach (glob('plugins/*', GLOB_ONLYDIR) as $plugin) {
  if ($plugin != 'plugins/dynamix') build_pages("$plugin/*.page");
 }

-// Need the following to make php-fpm & nginx work
-if (empty($path))
-  $path = substr(explode('?', $_SERVER['REQUEST_URI'])[0], 1);
+// get variables
+$name = $_GET['name'];
+$dir = $_GET['dir'];
+$path = substr(explode('?', $_SERVER['REQUEST_URI'])[0], 1);

 // The current "task" is the first element of the path
 $task = strtok($path, '/');