Anonymous committed 64ebf6b

Fixed security vulnerability (Local File Inclusion).

Files changed (2)

site/controller.php

 <?php
 
+defined( '_JEXEC' ) or die( 'Restricted access' );
+
 jimport('joomla.application.component.controller');
 
 class JoomlaFlickrController extends JController
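Review bot: the `defined( '_JEXEC' ) or die( 'Restricted access' );` guard is the right addition at the top of `site/controller.php`: it stops the file from executing when it is requested directly rather than loaded through the Joomla front controller, so the `jimport` and the class definition only run inside an initialised Joomla context. Confirm the same guard sits at the top of `site/joomlaflickr.php`, which this commit also touches but whose first lines are not shown in the diff.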
 
 		// Retrieve the current view
 		$document =& JFactory::getDocument();
-		$viewName  = JRequest::getVar( 'view', 'display' );
-		$viewType	= $document->getType();
+		$viewName = JRequest::getWord( 'view', 'display' );
+		$viewType = $document->getType();
 		$view = & $this->getView($viewName, $viewType);
 
 		// Set the correct model for the view
 		$model  = & $this->getModel('joomlaflickr');
-    $view->setModel( $model, true );
+ 		$view->setModel( $model, true );
 
 		// Display the view
 		parent::display();
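Review bot: replacing `JRequest::getVar( 'view', 'display' )` with `JRequest::getWord( 'view', 'display' )` reduces the view name passed to `$this->getView($viewName, $viewType)` to letters and underscores, so it can no longer carry `.` or `/` into the view lookup. Note that `getWord` sanitises rather than rejects: an unexpected value is silently rewritten to a different word instead of being refused, so a stricter option is to compare `$viewName` against the component's known view names and fall back to `'display'` otherwise. The `$view->setModel( $model, true );` change is a whitespace-only indentation fix (spaces to tabs); harmless, but easier to review as a separate commit from the security fix.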

site/joomlaflickr.php

 require_once (JPATH_COMPONENT.DS.'controller.php');
 
 // Require specific controller if requested
-if($controller = JRequest::getVar('controller')) {
+if($controller = JRequest::getWord('controller')) {
 	require_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php');
 }
 
 $controller = new $classname( );
 
 // Perform the Request task
-$controller->execute( JRequest::getVar('task'));
+$controller->execute( JRequest::getWord('task'));
 
 // Redirect if set by the controller
 $controller->redirect();
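Review bot: the `JRequest::getWord('controller')` change is the actual local file inclusion fix, since the value flows unchecked into `require_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php')` and `getWord` strips everything except letters and underscores, so directory separators and `..` sequences cannot reach the include path. Two follow-ups: `$classname` in `$controller = new $classname( );` is not assigned anywhere in the visible lines, so confirm it is derived from the filtered `$controller` rather than re-read from the request; and a `file_exists()` check on the computed path before the `require_once` (or a whitelist of the controller files shipped with the component) would turn an unknown controller name into a clean error instead of a PHP fatal. For `execute( JRequest::getWord('task'))`, `getWord` also drops digits and dots, so any task name containing them would be mangled; `JRequest::getCmd('task')` is the usual Joomla choice for task names, keeping alphanumerics, `.`, `-` and `_` while still excluding path characters.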