authorUrban Müller2018-08-03 15:57:17 +0200
committerUrban Müller2018-08-03 15:57:17 +0200
commit09f1498ae0ee0109dd8f4a6023054d00457ea637 (patch)
treec8533040c60ff42b64f7971d8cc1e00216ae5e1e
parent4006ab6580794c119d34b94f88def164433eb2ed (diff)
downloaditools-09f1498ae0ee0109dd8f4a6023054d00457ea637.tar.gz
itools-09f1498ae0ee0109dd8f4a6023054d00457ea637.tar.bz2
itools-09f1498ae0ee0109dd8f4a6023054d00457ea637.zip
abort on suspicious filename. did not trigger in a month
-rw-r--r--it.class4
1 files changed, 2 insertions, 2 deletions
diff --git a/it.class b/it.class
index 436fe73..3720263 100644
--- a/it.class
+++ b/it.class
@@ -1168,8 +1168,8 @@ static function mod($a, $n)
static function safe_filename($filename)
{
- if (it::match("\./", $filename))
- it::error(['to' => "mueller", 'title' => "fishy filename $filename"]); # FIXME 2018-08 UM should be fatal after test phase
+ if (it::match("\.\./", $filename))
+ it::fatal(['title' => "../ contained in '$filename', aborted"]);
return $filename;
}
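Review bot: The new guard in `safe_filename()` matches only the literal sequence `../`, so a value that is exactly `..`, ends in `/..`, uses a backslash separator, or is an absolute path still passes and is returned unchanged. The callers are outside this hunk, but if they join the result onto a base directory, the check should match `..` as a whole path component, for example `if (it::match('(^|[/\\\\])\.\.([/\\\\]|$)', $filename))`, assuming `it::match` accepts that syntax. This would also stop legitimate names such as `foo../bar` from aborting the request. The function still has no comment stating what it guarantees; I would add `# Aborts on parent-directory components; does not reject absolute paths or normalise the name` above it so callers do not over-trust the return value. The raw `$filename` is interpolated into the fatal title, so it is worth confirming that whatever renders or logs that title escapes it.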