summaryrefslogtreecommitdiff
path: root/actions/doc.php
diff options
context:
space:
mode:
authorEvan Prodromou <evan@status.net>2010-02-01 11:10:36 -0500
committerEvan Prodromou <evan@status.net>2010-02-01 11:20:22 -0500
commit57d8f22a3ae8aba882b7782cbc426e65cdb355f6 (patch)
tree57e9c0f947295e9ad11a25d8cfa38c1ea18a5cac /actions/doc.php
parentf9cb1c32650ff755b79837594fabb20f64e0fe1f (diff)
fix local file include vulnerability in doc.php
Conflicts: actions/doc.php
Diffstat (limited to 'actions/doc.php')
-rw-r--r--actions/doc.php3
1 files changed, 3 insertions, 0 deletions
diff --git a/actions/doc.php b/actions/doc.php
index 25d363472..eaf4b7df2 100644
--- a/actions/doc.php
+++ b/actions/doc.php
@@ -54,6 +54,9 @@ class DocAction extends Action
parent::prepare($args);
$this->title = $this->trimmed('title');
+ if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
+ $this->title = 'help';
+ }
$this->output = null;
$this->loadDoc();