From 26858e577055203a60c59fb62a4d9b8280e65697 Mon Sep 17 00:00:00 2001 From: bergware Date: Fri, 10 Jan 2020 08:07:32 +0100 Subject: [PATCH] Patched vulnerability in template.php --- plugins/dynamix/template.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/plugins/dynamix/template.php b/plugins/dynamix/template.php index e424d4a6f..9193117a3 100644 --- a/plugins/dynamix/template.php +++ b/plugins/dynamix/template.php @@ -43,9 +43,10 @@ foreach (glob('plugins/*', GLOB_ONLYDIR) as $plugin) { if ($plugin != 'plugins/dynamix') build_pages("$plugin/*.page"); } -// Need the following to make php-fpm & nginx work -if (empty($path)) - $path = substr(explode('?', $_SERVER['REQUEST_URI'])[0], 1); +// get variables +$name = $_GET['name']; +$dir = $_GET['dir']; +$path = substr(explode('?', $_SERVER['REQUEST_URI'])[0], 1); // The current "task" is the first element of the path $task = strtok($path, '/');