-rw-r--r--Zotlabs/Render/Comanche.php3
-rw-r--r--include/nav.php4
-rw-r--r--include/text.php6
3 files changed, 11 insertions, 2 deletions
diff --git a/Zotlabs/Render/Comanche.php b/Zotlabs/Render/Comanche.php
index ca664cba6..675282962 100644
--- a/Zotlabs/Render/Comanche.php
+++ b/Zotlabs/Render/Comanche.php
@@ -457,6 +457,9 @@ class Comanche {
}
}
+ if(! purify_filename($name))
+ return ''
+
$clsname = ucfirst($name);
$nsname = "\\Zotlabs\\Widget\\" . $clsname;
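Review bot: The added `return ''` has no terminating semicolon, so as shown the file fails to parse at the following `$clsname = ucfirst($name);`; it should read `return '';`. Separately, `$name` ends up inside a namespaced class name, and purify_filename() as added in include/text.php rejects only a leading dot and `/`, so a backslash in `$name` still passes and would address a sub-namespace (and, if the autoloader maps namespaces to paths, a sub-directory). If widget names are plain identifiers, an allowlist is tighter here: `if(! preg_match('/^[A-Za-z0-9_]+$/', $name)) return '';`. The enclosing method starts and ends outside this hunk.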
diff --git a/include/nav.php b/include/nav.php
index 588104eda..718e7befa 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -275,8 +275,8 @@ EOT;
}
}
- $c = theme_include('navbar_' . $template . '.css');
- $tpl = get_markup_template('navbar_' . $template . '.tpl');
+ $c = theme_include('navbar_' . purify_filename($template) . '.css');
+ $tpl = get_markup_template('navbar_' . purify_filename($template) . '.tpl');
if($c && $tpl) {
head_add_css('navbar_' . $template . '.css');
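Review bot: The last visible line, `head_add_css('navbar_' . $template . '.css');`, still uses the raw `$template`, so the name that was checked and the name that is emitted can differ. Sanitising once before the lookups, e.g. `$template = purify_filename($template);`, keeps all three uses in agreement and avoids calling the helper twice. When the helper returns `''` the lookups become `navbar_.css` and `navbar_.tpl`; an explicit fallback to the default template name would be clearer than relying on those files not existing. The `if` block continues outside the hunk.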
diff --git a/include/text.php b/include/text.php
index 80914747b..8a65be0d5 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3156,3 +3156,9 @@ function ellipsify($s,$maxlen) {
return mb_substr($s,0,$maxlen / 2) . '...' . mb_substr($s,mb_strlen($s) - ($maxlen / 2));
}
+
+function purify_filename($s) {
+ if(($s[0] === '.') || strpos($s,'/') !== false)
+ return '';
+ return $s;
+}
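Review bot: `purify_filename()` indexes `$s[0]` without checking that `$s` is a non-empty string, so an empty value raises an uninitialized-offset notice or warning before `''` is returned. It also lets through backslashes (a path separator on Windows) and NUL bytes. A guard such as `if(! is_string($s) || $s === '' || $s[0] === '.' || strpbrk($s, "/\\\0") !== false) return '';` covers those cases in one condition. A short docblock should state that the function returns `''` on rejection, and that callers testing the result with `!` will also reject the literal name `'0'`.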