Might as well put a FILTER_SANITIZE_EMAIL there
Not that I think we could break out of the directory since we use basename, but you never know... maybe there's a unicode bug in PHP or something.
This commit is contained in:
parent
4bf26eff4c
commit
c23c3a4f53
@ -31,6 +31,9 @@ if (mb_strpos($u, 'acct:')===0) {
|
|||||||
$u = substr($u, 5);
|
$u = substr($u, 5);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Just to be a little bit safer, you know, with all the unicode stuff going on
|
||||||
|
$u = filter_var($u, FILTER_SANITIZE_EMAIL);
|
||||||
|
|
||||||
$f = $u . ".xml";
|
$f = $u . ".xml";
|
||||||
|
|
||||||
if (file_exists($f)) {
|
if (file_exists($f)) {
|
||||||
|
Loading…
Reference in New Issue
Block a user