From 623dfa13845e34c85eae2a66c6aa855c3e059c38 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Mon, 9 Oct 2017 15:13:25 -0700
Subject: purify user-supplied filenames in some cases. Probably not needed but
 it's the right thing to do.

---
 include/nav.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include/nav.php')

diff --git a/include/nav.php b/include/nav.php
index 588104eda..718e7befa 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -275,8 +275,8 @@ EOT;
 		}
 	}
 
-	$c = theme_include('navbar_' . $template . '.css');
-	$tpl = get_markup_template('navbar_' . $template . '.tpl');
+	$c = theme_include('navbar_' . purify_filename($template) . '.css');
+	$tpl = get_markup_template('navbar_' . purify_filename($template) . '.tpl');
 
 	if($c && $tpl) {
 		head_add_css('navbar_' . $template . '.css');
-- 
cgit v1.2.3