From 2727bcb3e89b6bd00bdc734931fcffd8701849e1 Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Sun, 24 Apr 2016 11:14:18 +0100
Subject: [PATCH] Replace * when analysing bannedFiles list
---
 lib/file-control-xhr.php | 2 +-
 lib/file-control.php | 2 +-
 lib/get-branch.php | 2 +-
 lib/multiple-results.php | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/file-control-xhr.php b/lib/file-control-xhr.php
index 82f1ed9..ed084d0 100644
--- a/lib/file-control-xhr.php
+++ b/lib/file-control-xhr.php
@@ -73,7 +73,7 @@ if (!$error) {
 // Die if the file requested isn't something we expect
 if(
 // On the banned file/dir list
- ($_SESSION['bannedFiles'][$i] != "" && strpos($allFiles[$i],$_SESSION['bannedFiles'][$i])!==false) ||
+ (str_replace("*","",$_SESSION['bannedFiles'][$i]) != "" && strpos($allFiles[$i],str_replace("*","",$_SESSION['bannedFiles'][$i]))!==false) ||
 // A local folder that isn't the doc root or starts with the doc root
 ($_GET['action']!="getRemoteFile" && !isset($ftpSite) && rtrim($allFiles[$i],"/") !== rtrim($docRoot,"/") &&
diff --git a/lib/file-control.php b/lib/file-control.php
index e296669..ba3e0dd 100644
--- a/lib/file-control.php
+++ b/lib/file-control.php
@@ -70,7 +70,7 @@ if ($_GET['action']=="load") {
 // Check this file isn't on the banned list at all
 $canOpen = true;
 for ($i=0;$i
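Review bot: In the lib/file-control-xhr.php hunk the new line still indexes `$_SESSION['bannedFiles'][$i]` with the same `$i` that indexes `$allFiles[$i]`, so each requested file is compared only with the banned entry at its own position rather than with the whole list. The loop header is outside the hunk, so this assumes `$i` walks `$allFiles`; if it does, a file matching any other banned entry passes this check, and an index past the end of the banned list reads an undefined element. Stripping `*` also turns each pattern into a plain substring match, and an entry consisting only of `*` becomes empty and is skipped, which deserves a comment beside the check. I would compute the banned decision over the whole list before the `if(` and use that flag in the condition; the same change may apply to the other three files, whose changed lines are not visible here.

```php
// Compare this file with every banned entry, not only the one at index $i
$isBanned = false;
foreach ($_SESSION['bannedFiles'] as $bannedEntry) {
    // Wildcards are dropped, so the entry is matched as a plain substring
    $bannedEntry = str_replace("*", "", $bannedEntry);
    if ($bannedEntry !== "" && strpos($allFiles[$i], $bannedEntry) !== false) {
        $isBanned = true;
        break;
    }
}
// Die if the file requested isn't something we expect
if(
    // On the banned file/dir list
    $isBanned ||
    // … unchanged: doc-root and remaining checks …
```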