[SPIP] ~maj v3.2.9-->v3.2.11

[lhc/web/www.git] / www / plugins-dist / medias / lib / getid3 / module.audio.shorten.php

diff --git a/www/plugins-dist/medias/lib/getid3/module.audio.shorten.php b/www/plugins-dist/medias/lib/getid3/module.audio.shorten.php
index f5e2a57..533208f 100644 (file)
--- a/www/plugins-dist/medias/lib/getid3/module.audio.shorten.php
+++ b/www/plugins-dist/medias/lib/getid3/module.audio.shorten.php
@@ -14,7 +14,9 @@
 //                                                            ///
 /////////////////////////////////////////////////////////////////
 
-
+if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers
+       exit;
+}
 class getid3_shorten extends getid3_handler
 {
        /**
@@ -150,6 +152,9 @@ class getid3_shorten extends getid3_handler
 
                if (!empty($output) && (substr($output, 12, 4) == 'fmt ')) {
 
+                       if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers
+                               exit;
+                       }
                        getid3_lib::IncludeDependency(GETID3_INCLUDEPATH.'module.audio-video.riff.php', __FILE__, true);
 
                        $fmt_size = getid3_lib::LittleEndian2Int(substr($output, 16, 4));