maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

remove some special characters from directory-names when validating, fixes #1231 and pull-request 73 partly

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2013-12-09 07:49:33 +01:00
parent 3b0387901f
commit 15bb78d447
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/functions/filedir/function.makeSecurePath.php
View File

@@ -26,12 +26,12 @@
*/ */
function makeSecurePath($path) { function makeSecurePath($path) {
$search = Array( $search = array(
'#/+#', '#/+#',
'#\.+#', '#\.+#',
'#\0+#' '#\0+#'
); );
$replace = Array( $replace = array(
'/', '/',
'.', '.',
'' ''
@@ -41,5 +41,14 @@ function makeSecurePath($path) {
// it might be escaped already // it might be escaped already
$path = str_replace("\ ", " ", $path); $path = str_replace("\ ", " ", $path);
$path = str_replace(" ", "\ ", $path); $path = str_replace(" ", "\ ", $path);
// check for bad characters, some are allowed with escaping
// but we generally don't want them in our directory-names,
// thx to aaronmueller for this snipped
$badchars = array(':', ';', '|', '&', '>', '<', '`', '$', '~', '?');
foreach ($badchars as $bc) {
str_replace($bc, "", $path);
}
return $path; return $path;
} }