diff options
| author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-06-12 12:48:07 +0000 |
|---|---|---|
| committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-06-12 12:48:07 +0000 |
| commit | a87a31631b8991bd9842b31b057d0fc086608612 (patch) | |
| tree | acaa5b57e4f3748eaf3d1a961a5df8fcaf1c2041 /engine/lib/filestore.php | |
| parent | a9419d04ee348cc66bea69d45bde6d99d8998cd2 (diff) | |
| download | elgg-a87a31631b8991bd9842b31b057d0fc086608612.tar.gz elgg-a87a31631b8991bd9842b31b057d0fc086608612.tar.bz2 | |
Refs #1041:
* Speculative fix, extended blacklist of invalid characters for user signup
* Mapping some filestore matrix characters (notable '.') to a safe char
git-svn-id: https://code.elgg.org/elgg/trunk@3329 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/filestore.php')
| -rw-r--r-- | engine/lib/filestore.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/engine/lib/filestore.php b/engine/lib/filestore.php index 2f65ccc2f..89aee0d8d 100644 --- a/engine/lib/filestore.php +++ b/engine/lib/filestore.php @@ -319,6 +319,8 @@ */ protected function make_file_matrix($filename) { + $invalid_fs_chars = '*\'\\/"!$%^&*.%(){}[]#~?<>;|¬`@-+='; + $matrix = ""; $name = $filename; @@ -330,7 +332,13 @@ $len = $this->matrix_depth; for ($n = 0; $n < $len; $n++) { - $matrix .= $filename[$n] . "/"; + + // Prevent a matrix being formed with unsafe characters + $char = $filename[$n]; + if (strpos($invalid_fs_chars, $char)!==false) + $char = '_'; + + $matrix .= $char . "/"; } return $matrix.$name."/"; |