fix local file include vulnerability in doc.php

Conflicts:

	actions/doc.php
This commit is contained in:
Evan Prodromou 2010-02-01 11:10:36 -05:00
parent f9cb1c3265
commit 57d8f22a3a

View File

@ -54,6 +54,9 @@ class DocAction extends Action
parent::prepare($args); parent::prepare($args);
$this->title = $this->trimmed('title'); $this->title = $this->trimmed('title');
if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
$this->title = 'help';
}
$this->output = null; $this->output = null;
$this->loadDoc(); $this->loadDoc();