From 623dfa13845e34c85eae2a66c6aa855c3e059c38 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Mon, 9 Oct 2017 15:13:25 -0700
Subject: purify user-supplied filenames in some cases. Probably not needed but
 it's the right thing to do.

---
 Zotlabs/Render/Comanche.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'Zotlabs/Render')

diff --git a/Zotlabs/Render/Comanche.php b/Zotlabs/Render/Comanche.php
index ca664cba6..675282962 100644
--- a/Zotlabs/Render/Comanche.php
+++ b/Zotlabs/Render/Comanche.php
@@ -457,6 +457,9 @@ class Comanche {
 			}
 		}
 
+		if(! purify_filename($name))
+			return ''
+
 		$clsname = ucfirst($name);
 		$nsname = "\\Zotlabs\\Widget\\" . $clsname;
 
-- 
cgit v1.2.3