author | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-08-04 15:50:22 +0000 |
---|---|---|
committer | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-08-04 15:50:22 +0000 |
commit | 10db041b38d36fa5da4109ed3fb36ca01c1f91ae (patch) | |
tree | 0d2a455438b4d2847d1dabfa87eb337bc98466b2 /engine/lib/input.php | |
parent | b38e40380ad08534756630a54d74aa4d965c2ab7 (diff) | |
Added optional param to sanitise_filepath() that appends a / or not. Also removes any ../s
git-svn-id: http://code.elgg.org/elgg/trunk@6801 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/input.php')
-rw-r--r-- | engine/lib/input.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php
index e5daa70ea..2ddc0e643 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -92,15 +92,19 @@ function filter_tags($var) {
 * @param string $path The path
 * @return string
 */
-function sanitise_filepath($path) {
+function sanitise_filepath($path, $append_slash = TRUE) {
 // Convert to correct UNIX paths
 $path = str_replace('\\', '/', $path);
+ $path = str_replace('../', '/', $path);
 // Sort trailing slash
 $path = trim($path);
 // rtrim defaults plus /
 $path = rtrim($path, " \n\t\0\x0B/");
- $path = $path . "/";
+
+ if ($append_slash) {
+ $path = $path . '/';
+ }
 return $path;
 }
|
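Review bot: The added `str_replace('../', '/', $path)` is a single-pass substring replace, so it does not guarantee a result free of parent-directory segments: overlapping dot-and-slash input can reassemble into `../` after the replacement, and a bare trailing `..` is left untouched and becomes `../` once the slash is appended. It also turns a leading `../` into `/`, silently changing a relative path into an absolute one. Filtering whole `..` segments after the trim/rtrim step is more predictable, and callers that open files should still check the resolved path against their base directory rather than rely on this function alone. The docblock, which starts above the hunk, also needs a line for the new parameter, e.g. `@param bool $append_slash Add a trailing slash (default TRUE)`.

```php
function sanitise_filepath($path, $append_slash = TRUE) {
	// … unchanged: backslash conversion, trim, rtrim …

	// Drop whole ".." segments; a one-pass substring replace can leave them behind
	$kept = array();
	foreach (explode('/', $path) as $segment) {
		if (trim($segment) !== '..') {
			$kept[] = $segment;
		}
	}
	$path = implode('/', $kept);

	// … unchanged: optional trailing slash and return …
```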