diff options
author | zotlabs <mike@macgirvin.com> | 2017-10-09 15:13:25 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-10-09 15:13:25 -0700 |
commit | 623dfa13845e34c85eae2a66c6aa855c3e059c38 (patch) | |
tree | 70fbe8f95501df8c264b65dcd08e1b5b9d2898ab /Zotlabs/Render | |
parent | 23812e5b48b7a4d4f0c275c0fbb3d244a582397c (diff) | |
download | volse-hubzilla-623dfa13845e34c85eae2a66c6aa855c3e059c38.tar.gz volse-hubzilla-623dfa13845e34c85eae2a66c6aa855c3e059c38.tar.bz2 volse-hubzilla-623dfa13845e34c85eae2a66c6aa855c3e059c38.zip |
purify user-supplied filenames in some cases. Probably not needed but it's the right thing to do.
Diffstat (limited to 'Zotlabs/Render')
-rw-r--r-- | Zotlabs/Render/Comanche.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Zotlabs/Render/Comanche.php b/Zotlabs/Render/Comanche.php index ca664cba6..675282962 100644 --- a/Zotlabs/Render/Comanche.php +++ b/Zotlabs/Render/Comanche.php @@ -457,6 +457,9 @@ class Comanche { } } + if(! purify_filename($name)) + return '' + $clsname = ucfirst($name); $nsname = "\\Zotlabs\\Widget\\" . $clsname; |