From 10db041b38d36fa5da4109ed3fb36ca01c1f91ae Mon Sep 17 00:00:00 2001
From: brettp
Date: Wed, 4 Aug 2010 15:50:22 +0000
Subject: Added optional param to sanitise_filepath() that appends a / or not. Also removes any ../s

git-svn-id: http://code.elgg.org/elgg/trunk@6801 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/input.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'engine/lib/input.php')

diff --git a/engine/lib/input.php b/engine/lib/input.php
index e5daa70ea..2ddc0e643 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -92,15 +92,19 @@ function filter_tags($var) {
  * @param string $path The path
  * @return string
  */
-function sanitise_filepath($path) {
+function sanitise_filepath($path, $append_slash = TRUE) {
  // Convert to correct UNIX paths
  $path = str_replace('\\', '/', $path);
+ $path = str_replace('../', '/', $path);
 
  // Sort trailing slash
  $path = trim($path);
  // rtrim defaults plus /
  $path = rtrim($path, " \n\t\0\x0B/");
- $path = $path . "/";
+
+ if ($append_slash) {
+ $path = $path . '/';
+ }
 
  return $path;
 }
-- 
cgit v1.2.3
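Review bot: The added `str_replace('../', '/', $path)` is a single substring pass, so it does not guarantee the result is free of parent-directory references: overlapping sequences can collapse into a fresh `../` once the replacement has run, and a bare trailing `..` segment is never matched (with `$append_slash` at its default it then gets a `/` appended). Replacing with `/` also turns a leading `../` into a leading `/`, which changes a relative path into a root-anchored one. Filtering on whole path segments after the backslash conversion, as sketched below, avoids these cases; callers that open files should presumably still compare the resolved path with the directory they expect. The docblock, which starts above the hunk, also lacks a line for the new argument, e.g. `@param bool $append_slash Whether to append a trailing slash (default TRUE)`.

```php
function sanitise_filepath($path, $append_slash = TRUE) {
	// Convert to correct UNIX paths
	$path = str_replace('\\', '/', $path);

	// Drop "." and ".." as whole segments instead of as substrings, so
	// nothing left over after filtering can form a new parent reference.
	$segments = array();
	foreach (explode('/', $path) as $segment) {
		if ($segment === '.' || $segment === '..') {
			continue;
		}
		$segments[] = $segment;
	}
	$path = implode('/', $segments);

	// … unchanged: trim(), rtrim() and the optional trailing slash …
```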