authorzotlabs <mike@macgirvin.com>2017-10-09 15:13:25 -0700
committerzotlabs <mike@macgirvin.com>2017-10-09 15:13:25 -0700
commit623dfa13845e34c85eae2a66c6aa855c3e059c38 (patch)
tree70fbe8f95501df8c264b65dcd08e1b5b9d2898ab /Zotlabs
parent23812e5b48b7a4d4f0c275c0fbb3d244a582397c (diff)
purify user-supplied filenames in some cases. Probably not needed but it's the right thing to do.
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Render/Comanche.php3
1 files changed, 3 insertions, 0 deletions
diff --git a/Zotlabs/Render/Comanche.php b/Zotlabs/Render/Comanche.php
index ca664cba6..675282962 100644
--- a/Zotlabs/Render/Comanche.php
+++ b/Zotlabs/Render/Comanche.php
@@ -457,6 +457,9 @@ class Comanche {
}
}
+ if(! purify_filename($name))
+ return ''
+
$clsname = ucfirst($name);
$nsname = "\\Zotlabs\\Widget\\" . $clsname;
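Review bot: The added `return ''` has no terminating semicolon, so with `$clsname = ucfirst($name);` as the next statement the file will not parse and the new guard never runs; it should read `return '';`. The check also uses the result of `purify_filename($name)` only as a boolean, so if that helper returns a cleaned string rather than a yes/no (its definition is not visible here), the cleaned value is discarded and the raw `$name` still reaches the `"\\Zotlabs\\Widget\\" . $clsname` concatenation. Assigning it back, e.g. `$name = purify_filename($name);` followed by `if(! $name) return '';`, would make the intent explicit. The enclosing method starts before and continues after this hunk, so how `$nsname` is later resolved cannot be confirmed from these lines.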