summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--actions/doc.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/actions/doc.php b/actions/doc.php
index 68295234c..9d74fb0a6 100644
--- a/actions/doc.php
+++ b/actions/doc.php
@@ -59,6 +59,10 @@ class DocAction extends Action
{
parent::handle($args);
$this->title = $this->trimmed('title');
+ // Prevent local file include
+ if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
+ $this->title = 'help';
+ }
$this->filename = INSTALLDIR.'/doc-src/'.$this->title;
if (!file_exists($this->filename)) {
$this->clientError(_('No such document.'));