diff options
-rw-r--r-- | actions/systemsettings/install.php | 3 | ||||
-rw-r--r-- | engine/lib/input.php | 7 |
2 files changed, 6 insertions, 4 deletions
diff --git a/actions/systemsettings/install.php b/actions/systemsettings/install.php index 41a2a8b22..c4f563beb 100644 --- a/actions/systemsettings/install.php +++ b/actions/systemsettings/install.php @@ -22,6 +22,7 @@ if (get_input('settings') == 'go') { // Sanitise $path = sanitise_filepath(get_input('path')); $dataroot = sanitise_filepath(get_input('dataroot')); + $url = sanitise_filepath(get_input('wwwroot')); // Blank? if ($dataroot == "/") { @@ -40,7 +41,7 @@ if (get_input('settings') == 'go') { $site = new ElggSite(); $site->name = get_input('sitename'); - $site->url = get_input('wwwroot'); + $site->url = $url; $site->description = get_input('sitedescription'); $site->email = get_input('siteemail'); $site->access_id = ACCESS_PUBLIC; diff --git a/engine/lib/input.php b/engine/lib/input.php index abc2d6811..f59061312 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -14,7 +14,7 @@ * * Note: this function does not handle nested arrays (ex: form input of param[m][n]) * because of the filtering done in htmlawed from the filter_tags call. - * + * * @param $variable string The variable we want to return. * @param $default mixed A default value for the variable if it is not found. * @param $filter_result If true then the result is filtered for bad tags. @@ -52,7 +52,7 @@ function get_input($variable, $default = "", $filter_result = true) { /** * Sets an input value that may later be retrieved by get_input - * + * * Note: this function does not handle nested arrays (ex: form input of param[m][n]) * * @param string $variable The name of the variable @@ -96,7 +96,8 @@ function sanitise_filepath($path) { // Sort trailing slash $path = trim($path); - $path = rtrim($path, " /"); + // rtrim defaults plus / + $path = rtrim($path, " \n\t\0\x0B/"); $path = $path . "/"; return $path; |