forked from GNUsocial/gnu-social
fix local file include vulnerability in doc.php
Conflicts: actions/doc.php
This commit is contained in:
parent
779204b194
commit
d264db6119
@ -54,6 +54,9 @@ class DocAction extends Action
|
||||
parent::prepare($args);
|
||||
|
||||
$this->title = $this->trimmed('title');
|
||||
if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
|
||||
$this->title = 'help';
|
||||
}
|
||||
$this->output = null;
|
||||
|
||||
$this->loadDoc();
|
||||
|
Loading…
Reference in New Issue
Block a user