purify user-supplied filenames in some cases. Probably not needed but it's the right thing to do.

zotlabs 2017-10-09 15:13:25 -07:00
parent 23812e5b48
commit 623dfa1384
3 changed files with 11 additions and 2 deletions


@ -457,6 +457,9 @@ class Comanche {
}
}
if(! purify_filename($name))
return ''
$clsname = ucfirst($name);
$nsname = "\\Zotlabs\\Widget\\" . $clsname;
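Review bot: The added guard's `return ''` has no terminating semicolon as shown here, so the statement runs into `$clsname = ucfirst($name);` and the file would fail to parse; it should read `if(! purify_filename($name)) return '';`. The `!` test also relies on truthiness, so a widget name of `'0'` is rejected along with the empty string; `if(purify_filename($name) === '')` states the intent exactly. The enclosing method starts and ends outside the hunk, so whether `''` is the right return value for its callers cannot be confirmed from here.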


@ -275,8 +275,8 @@ EOT;
}
}
$c = theme_include('navbar_' . $template . '.css');
$tpl = get_markup_template('navbar_' . $template . '.tpl');
$c = theme_include('navbar_' . purify_filename($template) . '.css');
$tpl = get_markup_template('navbar_' . purify_filename($template) . '.tpl');
if($c && $tpl) {
head_add_css('navbar_' . $template . '.css');
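Review bot: Only the two lookups go through purify_filename(); `head_add_css('navbar_' . $template . '.css')` on the next line still uses the raw `$template`, and code after the hunk may do the same. When the value is rejected, the lookups silently become `navbar_.css` and `navbar_.tpl` instead of failing explicitly. Normalising once before the lookups, with `$template = purify_filename($template);` and an explicit bail-out or fallback when the result is `''`, keeps every later use on the checked value. The enclosing function begins and ends outside the hunk.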


@ -3156,3 +3156,9 @@ function ellipsify($s,$maxlen) {
return mb_substr($s,0,$maxlen / 2) . '...' . mb_substr($s,mb_strlen($s) - ($maxlen / 2));
}
function purify_filename($s) {
if(($s[0] === '.') || strpos($s,'/') !== false)
return '';
return $s;
}
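Review bot: purify_filename() reads `$s[0]` without checking for an empty string, which raises an uninitialized-string-offset notice (a warning on PHP 8) for `''`, and it assumes the argument is a string. The filter covers only a leading dot and `/`; a backslash is a path separator on Windows and a NUL byte is never valid in a filename, so both are worth rejecting as well: `if(! is_string($s) || $s === '' || $s[0] === '.' || strpbrk($s, "/\\\0") !== false) return '';`. A short comment saying that the function returns the name unchanged or `''` on rejection would help callers, since it validates rather than rewrites the input.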