| field | value | date |
|---|---|---|
| author | Mario <mario@mariovavti.com> | 2022-03-23 18:38:03 +0000 |
| committer | Mario <mario@mariovavti.com> | 2022-03-23 18:38:03 +0000 |
| commit | a41c7caa182117b2b7b820550cc20dff8be2c0f0 (patch) | |
| tree | 19611241fd496b778c2f412ab9ebcc4fb34843bd /view | |
| parent | bddeab3ac11efaf786ddb2a6ce3f73d8c06790ab (diff) | |
| parent | b3ca31bce7ed0dd5777458005718ba96985cbdc2 (diff) | |
| download | volse-hubzilla-a41c7caa182117b2b7b820550cc20dff8be2c0f0.tar.gz volse-hubzilla-a41c7caa182117b2b7b820550cc20dff8be2c0f0.tar.bz2 volse-hubzilla-a41c7caa182117b2b7b820550cc20dff8be2c0f0.zip | |
Merge branch 'security-fixes-lfi-xss-open-redirect' into 'dev'
Security fixes
See merge request hubzilla/core!2017
Diffstat (limited to 'view')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | view/theme/redbasic/php/style.php | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/view/theme/redbasic/php/style.php b/view/theme/redbasic/php/style.php index 6ff281581..3dbc29a96 100644 --- a/view/theme/redbasic/php/style.php +++ b/view/theme/redbasic/php/style.php @@ -36,9 +36,8 @@ if(! App::$install) { // not --- like the mobile theme does instead. // Allow layouts to over-ride the schema - -if($_REQUEST['schema']) { - $schema = $_REQUEST['schema']; +if (isset($_REQUEST['schema']) && preg_match('/^[\w_-]+$/i', $_REQUEST['schema'])) { + $schema = $_REQUEST['schema']; } if (($schema) && ($schema != '---')) { |
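Review bot: the allow-list regex on the added line `+if (isset($_REQUEST['schema']) && preg_match('/^[\w_-]+$/i', $_REQUEST['schema'])) {` still accepts a value that ends in a single newline, because in PCRE `$` matches before a trailing `\n` unless the `D` modifier is set or `\z` is used in its place; suggest `preg_match('/^[\w-]+\z/', $_REQUEST['schema'])`. The `_` inside the character class and the `i` modifier are redundant, since `\w` already covers underscore and both letter cases. Also, the unchanged context line `if (($schema) && ($schema != '---')) {` reads `$schema` even when the request value is absent or rejected, so confirm that `$schema` is initialised earlier in the file (the hunk starts after it), otherwise the rejected case now falls through to an undefined variable rather than the previous assignment.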