Improve name validation checks on local File references

[quix0rs-gnu-social.git] / actions / getfile.php

diff --git a/actions/getfile.php b/actions/getfile.php
index cd327e41007e43b25fd26db97c25d26145e040f5..9cbe8e1d993526cb2c1690c540e31efc40d99254 100644 (file)
--- a/actions/getfile.php
+++ b/actions/getfile.php
@@ -71,7 +71,7 @@ class GetfileAction extends Action
         $filename = $this->trimmed('filename');
         $path = null;
 
-        if ($filename) {
+        if ($filename && File::validFilename($filename)) {
             $path = File::path($filename);
         }