fix local file include vulnerability in doc.php

Conflicts: actions/doc.php
2010-02-01 11:10:36 -05:00
parent f9cb1c3265
commit 57d8f22a3a
1 changed files with 3 additions and 0 deletions
--- a/actions/doc.php
+++ b/actions/doc.php
@@ -54,6 +54,9 @@ class DocAction extends Action
        parent::prepare($args);

        $this->title  = $this->trimmed('title');
+        if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
+            $this->title = 'help';
+        }
        $this->output = null;

        $this->loadDoc();