From 57d8f22a3ae8aba882b7782cbc426e65cdb355f6 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 1 Feb 2010 11:10:36 -0500 Subject: [PATCH] fix local file include vulnerability in doc.php Conflicts: actions/doc.php --- actions/doc.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/actions/doc.php b/actions/doc.php index 25d363472a..eaf4b7df2d 100644 --- a/actions/doc.php +++ b/actions/doc.php @@ -54,6 +54,9 @@ class DocAction extends Action parent::prepare($args); $this->title = $this->trimmed('title'); + if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) { + $this->title = 'help'; + } $this->output = null; $this->loadDoc(); -- 2.39.5