diff options
| author | Evan Prodromou <evan@status.net> | 2010-02-01 11:10:36 -0500 |
|---|---|---|
| committer | Evan Prodromou <evan@status.net> | 2010-02-01 11:20:22 -0500 |
| commit | 57d8f22a3ae8aba882b7782cbc426e65cdb355f6 (patch) | |
| tree | 57e9c0f947295e9ad11a25d8cfa38c1ea18a5cac | |
| parent | f9cb1c32650ff755b79837594fabb20f64e0fe1f (diff) | |
fix local file include vulnerability in doc.php
Conflicts:
actions/doc.php
| -rw-r--r-- | actions/doc.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/actions/doc.php b/actions/doc.php index 25d363472..eaf4b7df2 100644 --- a/actions/doc.php +++ b/actions/doc.php @@ -54,6 +54,9 @@ class DocAction extends Action parent::prepare($args); $this->title = $this->trimmed('title'); + if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) { + $this->title = 'help'; + } $this->output = null; $this->loadDoc(); |