From 3c075bfd21adac9a4dde4fab6bd22886d6173d30 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 14 Aug 2019 09:49:18 +0300
Subject: DiskCache: more strict checking for input filenames, getUrl() is no longer static
---
 include/functions.php | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'include/functions.php')
diff --git a/include/functions.php b/include/functions.php
index 5a66e53b9..3f80ba5ba 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -594,6 +594,10 @@
 }
 }
 
+ function clean_filename($filename) {
+ return basename(preg_replace("/\.\.|[\/\\\]/", "", $filename));
+ }
+
 function make_password($length = 12) {
 $password = "";
 $possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ*%+^";
-- 
cgit v1.2.3
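Review bot: `clean_filename()` can still return `..` or `.`, because `preg_replace` makes a single left-to-right pass, so deleting a slash or backslash can join two dots that were not adjacent in the input, and `basename()` passes a dot entry through unchanged. No separator survives, so the result cannot name a file in another directory, but a caller that appends it to the cache directory would address that directory or its parent instead of a file; how DiskCache uses the return value is not visible in this hunk. I would validate the result rather than rely on stripping alone: `$name = basename(preg_replace("/\.\.|[\/\\\]/", "", $filename));` followed by `return ($name === "." || $name === "..") ? "" : $name;`, with callers treating an empty name as invalid. A one-line comment stating the contract would also help, e.g. `// returns a bare file name with no directory part; "" when nothing usable remains`.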