From fc3cdbc78545ec8fc1cd5594272485d58c594b33 Mon Sep 17 00:00:00 2001
From: Cyril Vazquez <cyril.vazquez@maarch.org>
Date: Thu, 30 Oct 2014 21:39:24 +0000
Subject: [PATCH] FIX #1641 Secure &page= to prevent Local File Inclusion

---
 core/trunk/core/class/class_core_tools.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/trunk/core/class/class_core_tools.php b/core/trunk/core/class/class_core_tools.php
index 1ff4f40bbb6..c09ed8847e0 100644
--- a/core/trunk/core/class/class_core_tools.php
+++ b/core/trunk/core/class/class_core_tools.php
@@ -1355,7 +1355,12 @@ class core_tools extends functions
         }
         // Cleans the page variables and looks if she exists or not before including her
         if(isset($_GET['page']) && !empty($_GET['page'])) {
-            $this->f_page = $this->wash($_GET['page'],"file","","yes");
+            // CVA 31 oct 2014 Security Local File Inclusion
+            $this->f_page = str_replace(
+                array('../', '..%2F'), 
+                array ('', ''), 
+                $this->wash($_GET['page'],"file","","yes")
+                );
         } else {
             $this->loadDefaultPage();
             return true;
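Review bot: The stripping added at the new lines for `$this->f_page` is a blacklist applied in a single pass, so it is not idempotent: removing one occurrence of `../` can leave a fresh `../` behind from an adjacent sequence, and the `..%2F` entry only catches double-encoded input because PHP has already URL-decoded `$_GET['page']` by this point, while other separators (backslash, absolute paths) are not considered at all. Since `f_page` feeds an include (per the comment and the commit subject), the robust mitigation is to allow-list the page name rather than subtract known-bad substrings, falling back to `loadDefaultPage()` as the existing else branch does. The behaviour of `$this->wash(..., "file", ...)` is not visible in the hunk, so the character class below assumes page names are plain identifiers — confirm against the existing page files before adopting it. The enclosing method starts and ends outside the hunk.

```php
        if(isset($_GET['page']) && !empty($_GET['page'])) {
            $page = $this->wash($_GET['page'],"file","","yes");
            // Allow-list the page name instead of stripping traversal sequences:
            // a single str_replace pass is not idempotent and misses other separators.
            if (!preg_match('/^[A-Za-z0-9_-]+$/', $page)) {
                $this->loadDefaultPage();
                return true;
            }
            $this->f_page = $page;
        } else {
            // … unchanged: default page fallback …
```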
-- 
GitLab