authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-08-04 15:50:22 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-08-04 15:50:22 +0000
commit10db041b38d36fa5da4109ed3fb36ca01c1f91ae (patch)
tree0d2a455438b4d2847d1dabfa87eb337bc98466b2 /engine
parentb38e40380ad08534756630a54d74aa4d965c2ab7 (diff)
downloadelgg-10db041b38d36fa5da4109ed3fb36ca01c1f91ae.tar.gz
elgg-10db041b38d36fa5da4109ed3fb36ca01c1f91ae.tar.bz2
Added optional param to sanitise_filepath() that appends a / or not. Also removes any ../s
git-svn-id: http://code.elgg.org/elgg/trunk@6801 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/input.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php
index e5daa70ea..2ddc0e643 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -92,15 +92,19 @@ function filter_tags($var) {
* @param string $path The path
* @return string
*/
-function sanitise_filepath($path) {
+function sanitise_filepath($path, $append_slash = TRUE) {
// Convert to correct UNIX paths
$path = str_replace('\\', '/', $path);
+ $path = str_replace('../', '/', $path);
// Sort trailing slash
$path = trim($path);
// rtrim defaults plus /
$path = rtrim($path, " \n\t\0\x0B/");
- $path = $path . "/";
+
+ if ($append_slash) {
+ $path = $path . '/';
+ }
return $path;
}
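Review bot: The added `$path = str_replace('../', '/', $path);` is a single, non-recursive textual pass, so it cannot be relied on as a directory-traversal guard: overlapping sequences can leave a `../` behind after the replacement, and a path that ends in `..` with no slash passes through untouched and then gets `/` appended by the new `$append_slash` branch. It also rewrites legitimate names that merely end in two dots before a slash. If callers use this function to confine paths, it would be safer to trim first, split on `/` and drop or reject every segment equal to `..`, and have the caller compare the `realpath()` result against the allowed base directory. The docblock, which starts outside this hunk, should gain `@param bool $append_slash Add a trailing slash (default TRUE)` and state that `../` sequences are stripped, so nobody assumes a stronger guarantee than the code gives.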