authorEvan Prodromou <evan@status.net>2010-02-01 11:05:55 -0500
committerEvan Prodromou <evan@status.net>2010-02-01 11:05:55 -0500
commit45c1516217af42c62fbf1d69cb795939a473ef02 (patch)
tree88a34dce8a4dc3d31884f0294b3a304e87145c58
parent5c36e29e7fd2f41ff5533d181047f1a86ad8a20a (diff)
fix local file include vulnerability in doc.php
-rw-r--r--actions/doc.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/actions/doc.php b/actions/doc.php
index 68295234c..9d74fb0a6 100644
--- a/actions/doc.php
+++ b/actions/doc.php
@@ -59,6 +59,10 @@ class DocAction extends Action
{
parent::handle($args);
$this->title = $this->trimmed('title');
+ // Prevent local file include
+ if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
+ $this->title = 'help';
+ }
$this->filename = INSTALLDIR.'/doc-src/'.$this->title;
if (!file_exists($this->filename)) {
$this->clientError(_('No such document.'));
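Review bot: The new allowlist still accepts an empty title, because `*` matches zero characters, and on the next line `file_exists()` then returns true for the `doc-src/` directory itself, so the "No such document" branch is skipped and whatever follows the hunk sees a directory path rather than a file. The `$` anchor also matches before a trailing newline in PCRE, so a title ending in "\n" passes the check; a stricter form is `if (!preg_match('/^[a-zA-Z0-9_-]+\z/', $this->title)) {` paired with `if (!is_file($this->filename)) {`. The fallback to `'help'` on a rejected title is reasonable, but a short comment saying the allowlist is what keeps the path inside `doc-src/` (rather than any later sanitisation) would help the next maintainer, e.g. `// Allowlist, not escaping: this is the only thing keeping the path inside doc-src/`. The enclosing handle() method starts and ends outside the hunk, so how the filename is consumed afterwards is not visible here.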