]> git.mxchange.org Git - quix0rs-gnu-social.git/blobdiff - actions/doc.php
projects / quix0rs-gnu-social.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix local file include vulnerability in doc.php
[quix0rs-gnu-social.git] / actions / doc.php
diff --git a/actions/doc.php b/actions/doc.php
index 25d363472a2cca2feadf3d1292c1d226c64f8bd5..eaf4b7df2d8f0b62365b718cca266ffe572ac1f8 100644 (file)
--- a/actions/doc.php
+++ b/actions/doc.php
@@ -54,6 +54,9 @@ class DocAction extends Action
         parent::prepare($args);
 
         $this->title  = $this->trimmed('title');
+        if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
+            $this->title = 'help';
+        }
         $this->output = null;
 
         $this->loadDoc();
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)