From: Evan Prodromou <evan@status.net>
Date: Mon, 1 Feb 2010 16:10:36 +0000 (-0500)
Subject: fix local file include vulnerability in doc.php
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=57d8f22a3ae8aba882b7782cbc426e65cdb355f6;p=quix0rs-gnu-social.git

fix local file include vulnerability in doc.php

Conflicts:

	actions/doc.php
---

diff --git a/actions/doc.php b/actions/doc.php
index 25d363472a..eaf4b7df2d 100644
--- a/actions/doc.php
+++ b/actions/doc.php
@@ -54,6 +54,9 @@ class DocAction extends Action
         parent::prepare($args);
 
         $this->title  = $this->trimmed('title');
+        if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
+            $this->title = 'help';
+        }
         $this->output = null;
 
         $this->loadDoc();