| | |
|---|
| | | */ |
|---|
| | | public function set_skin($skin) |
|---|
| | | { |
|---|
| | | // Sanity check to prevent from path traversal vulnerability (#1490620) |
|---|
| | | if (strpos($skin, '/') !== false || strpos($skin, "\\") !== false) { |
|---|
| | | rcube::raise_error(array( |
|---|
| | | 'file' => __FILE__, |
|---|
| | | 'line' => __LINE__, |
|---|
| | | 'message' => 'Invalid skin name' |
|---|
| | | ), true, false); |
|---|
| | | |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $valid = false; |
|---|
| | | $path = RCUBE_INSTALL_PATH . 'skins/'; |
|---|
| | | |
|---|
| | |
|---|
| | | if ($override || !$this->message) { |
|---|
| | | if ($this->app->text_exists($message)) { |
|---|
| | | if (!empty($vars)) |
|---|
| | | $vars = array_map('Q', $vars); |
|---|
| | | $vars = array_map(array('rcube','Q'), $vars); |
|---|
| | | $msgtext = $this->app->gettext(array('name' => $message, 'vars' => $vars)); |
|---|
| | | } |
|---|
| | | else |
|---|
