One question, That I can't test now, But Amx Mod X have bug of Path Traversa?
Looking the source code.. I think that yes.
More Info:
http://en.wikipedia.org/wiki/Directory_traversal
A Solution that I add in my module:
PHP Code:
char *RB_C99_Replace(const char *str, const char *cold, const char *cnew)
{
char *ret, *r;
const char *p, *q;
size_t oldlen = strlen(cold);
size_t count, retlen, newlen = strlen(cnew);
if (oldlen != newlen)
{
for (count = 0, p = str; (q = strstr(p, cold)) != NULL; p = q + oldlen)
count++;
retlen = p - str + strlen(p) + count * (newlen - oldlen);
}
else
{
retlen = strlen(str);
}
ret = (char *)malloc(retlen + 1);
for (r = ret, p = str; (q = strstr(p, cold)) != NULL; p = q + oldlen)
{
ptrdiff_t l = q - p;
memcpy(r, p, l);
r += l;
memcpy(r, cnew, newlen);
r += newlen;
}
strcpy(r, p);
return ret;
}
// To Prevent Path Traversa!!!
char* RB_AntiPathTraversa(const char *path)
{
return MF_BuildPathname( "%s", RB_C99_Replace(RB_C99_Replace(path, "../", "" ), "..\\", "" ) );
}
__________________