From 54ab4048062471b022061dee257456a46973de50 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@status.net>
Date: Mon, 1 Feb 2010 11:05:55 -0500
Subject: fix local file include vulnerability in doc.php

---
 actions/doc.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/actions/doc.php b/actions/doc.php
index e6508030b..fe5810579 100644
--- a/actions/doc.php
+++ b/actions/doc.php
@@ -59,6 +59,10 @@ class DocAction extends Action
     {
         parent::handle($args);
         $this->title    = $this->trimmed('title');
+        // Prevent local file include
+        if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
+            $this->title = 'help';
+        }
         $this->filename = INSTALLDIR.'/doc-src/'.$this->title;
         if (!file_exists($this->filename)) {
             $this->clientError(_('No such document.'));
-- 
cgit v1.2.3