authorBrett Profitt <brett.profitt@gmail.com>2012-05-14 11:50:40 -0700
committerBrett Profitt <brett.profitt@gmail.com>2012-05-14 11:50:40 -0700
commitf2173ecfae41c83c8200024d4b7bd6e0c7202f7a (patch)
treec6d2eda4b7c05fa2e30bff3ae974bae13e07b53e /engine
parentf90a5e3eee4e4d443c27830b6fcab312e0c0b21c (diff)
Fixes possible XSS vector.
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/views.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/engine/lib/views.php b/engine/lib/views.php
index ca0ce7196..1b013be6f 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -103,7 +103,10 @@ function elgg_get_viewtype() {
$viewtype = get_input('view', NULL);
if ($viewtype) {
- return $viewtype;
+ // only word characters allowed.
+ if (!preg_match('[\W]', $viewtype)) {
+ return $viewtype;
+ }
}
if (isset($CONFIG->view) && !empty($CONFIG->view)) {