purify user-supplied filenames in some cases. Probably not needed but it's the right thing to do.

2017-10-09 15:13:25 -07:00 · 2017-10-09 15:13:25 -07:00 · 623dfa1384
commit 623dfa1384
parent 23812e5b48
3 changed files with 11 additions and 2 deletions
--- a/Zotlabs/Render/Comanche.php
+++ b/Zotlabs/Render/Comanche.php
@ -457,6 +457,9 @@ class Comanche {
 			}
 		}

+		if(! purify_filename($name))
+			return ''
+
 		$clsname = ucfirst($name);
 		$nsname = "\\Zotlabs\\Widget\\" . $clsname;

--- a/include/nav.php
+++ b/include/nav.php
@ -275,8 +275,8 @@ EOT;
 		}
 	}

-	$c = theme_include('navbar_' . $template . '.css');
-	$tpl = get_markup_template('navbar_' . $template . '.tpl');
+	$c = theme_include('navbar_' . purify_filename($template) . '.css');
+	$tpl = get_markup_template('navbar_' . purify_filename($template) . '.tpl');

 	if($c && $tpl) {
 		head_add_css('navbar_' . $template . '.css');
--- a/include/text.php
+++ b/include/text.php
@ -3156,3 +3156,9 @@ function ellipsify($s,$maxlen) {

 	return mb_substr($s,0,$maxlen / 2) . '...' . mb_substr($s,mb_strlen($s) - ($maxlen / 2));
 }
+
+function purify_filename($s) {
+	if(($s[0] === '.') || strpos($s,'/') !== false)
+		return '';
+	return $s;
+}