From: <var...@us...> - 2015-09-16 09:23:26
Revision: 9723 http://sourceforge.net/p/phpwiki/code/9723
Author: vargenau
Date: 2015-09-16 09:23:24 +0000 (Wed, 16 Sep 2015)
Log Message:
-----------
Remove forbidden characters: <>[]{}"|# from pagename
Modified Paths:
--------------
trunk/lib/main.php
Modified: trunk/lib/main.php
===================================================================
--- trunk/lib/main.php 2015-09-10 16:42:44 UTC (rev 9722)
+++ trunk/lib/main.php 2015-09-16 09:23:24 UTC (rev 9723)
@@ -874,8 +874,17 @@
 */
 function _deducePagename()
 {
- if (trim(rawurldecode($this->getArg('pagename'))))
- return rawurldecode($this->getArg('pagename'));
+ $raw_name = trim(rawurldecode($this->getArg('pagename')));
+ if ($raw_name) {
+ // Remove forbidden characters: <>[]{}"|#
+ $forbidden = array('<', '>', '[', ']', '{', '}', '"', '|', '#');
+ $safe_name = str_replace($forbidden, '', $raw_name);
+ if ($safe_name != $raw_name) {
+ trigger_error(sprintf(_('Illegal chars %s removed'),
+ '<>[]{}"|#'));
+ }
+ return $safe_name;
+ }
 if (USE_PATH_INFO) {
 $pathinfo = $this->get('PATH_INFO');
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
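Review bot: After the new stripping in `_deducePagename`, `$safe_name` can be empty (a `pagename` of just `#` or `<>`) and is still returned unconditionally, so the `USE_PATH_INFO` fallback that follows is skipped and callers receive an empty page name where the old code never did; guard the return with `if ($safe_name !== '') { return $safe_name; }` and fall through otherwise. The filter is applied only to the `pagename` argument branch, while the `USE_PATH_INFO` branch that begins at the end of the hunk continues outside it and presumably returns a name derived from `PATH_INFO`; unless it is filtered there as well, the forbidden characters remain reachable through the path, so hoisting the removal into a small helper applied at every return of the function would close that gap. `if ($safe_name != $raw_name)` should use `!==`; both operands are strings here so the result is the same today, but loose comparison is the footgun this codebase would rather not rely on. The rest of `_deducePagename` lies outside the hunk.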