Commit: 686c4181e35c1b248dd95d502524cdc11a86c6d4 Author: Anthony Ferrara <[email protected]> Tue, 20 Jan 2015 16:10:19 -0500 Parents: a4d873b05f0ea8ec26327bcccc645f051e15ca18 Branches: master
Link: http://git.php.net/?p=web/php.git;a=commitdiff;h=686c4181e35c1b248dd95d502524cdc11a86c6d4 Log: Fix potential file-include vulnerability Fix potential file-include vulnerability by adding `EXTR_SKIP` to extract so it doesn't overwrite `$params` array. Changed paths: M include/layout.inc Diff:
diff --git a/include/layout.inc b/include/layout.inc
index 4b7d29e..9fc583b 100644
--- a/include/layout.inc
+++ b/include/layout.inc
@@ -396,7 +396,7 @@ function print_view($templateName, array $params = array()) {
 $path = $_SERVER['DOCUMENT_ROOT'] . '/views/' . $templateName;
 if(file_exists($path)) {
 if(!empty($params)) {
- extract($params);
+ extract($params, EXTR_SKIP);
 }
 include_once $path;
 }
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
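Review bot: The `extract($params, EXTR_SKIP);` line has no comment explaining the flag, and with it any `$params` key named `path`, `templateName` or `params` is now silently dropped, so the view sees the function's own local instead. A comment above the call such as `// EXTR_SKIP: keys in $params must never replace $path before the include below` would keep a later cleanup from removing the flag. Separately, `$templateName` is concatenated into `$path` without any check; whether callers ever pass a request-derived name is not visible here, so that should be confirmed or the name restricted to known view files. The closing brace of print_view() lies outside the hunk.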
