diff options
author | Andrew Dolgov <[email protected]> | 2019-08-14 09:49:18 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2019-08-14 09:49:18 +0300 |
commit | 3c075bfd21adac9a4dde4fab6bd22886d6173d30 (patch) | |
tree | 29e29d6fbb1ce196c5af807338c8a56abf518f85 /include | |
parent | 65450f8a2bbf325d26177c2589c3a9bbe67d8f80 (diff) |
DiskCache: more strict checking for input filenames, getUrl() is no longer static
Diffstat (limited to 'include')
-rw-r--r-- | include/functions.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/functions.php b/include/functions.php index 5a66e53b9..3f80ba5ba 100644 --- a/include/functions.php +++ b/include/functions.php @@ -594,6 +594,10 @@ } } + function clean_filename($filename) { + return basename(preg_replace("/\.\.|[\/\\\]/", "", $filename)); + } + function make_password($length = 12) { $password = ""; $possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ*%+^"; |