harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

purify user-supplied filenames in some cases. Probably not needed but it's the right thing to do.

Browse Source
This commit is contained in:
zotlabs
2017-10-09 15:13:25 -07:00
parent 23812e5b48
commit 623dfa1384
3 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/nav.php
View File

@@ -275,8 +275,8 @@ EOT;
}
}
$c = theme_include('navbar_' . $template . '.css');
$tpl = get_markup_template('navbar_' . $template . '.tpl');
$c = theme_include('navbar_' . purify_filename($template) . '.css');
$tpl = get_markup_template('navbar_' . purify_filename($template) . '.tpl');
if($c && $tpl) {
head_add_css('navbar_' . $template . '.css');

6
include/text.php
View File

@@ -3156,3 +3156,9 @@ function ellipsify($s,$maxlen) {
return mb_substr($s,0,$maxlen / 2) . '...' . mb_substr($s,mb_strlen($s) - ($maxlen / 2));
}
function purify_filename($s) {
if(($s[0] === '.') || strpos($s,'/') !== false)
return '';
return $s;
}