diff options
author | Urban Müller | 2018-08-03 15:57:17 +0200 |
---|---|---|
committer | Urban Müller | 2018-08-03 15:57:17 +0200 |
commit | 09f1498ae0ee0109dd8f4a6023054d00457ea637 (patch) | |
tree | c8533040c60ff42b64f7971d8cc1e00216ae5e1e | |
parent | 4006ab6580794c119d34b94f88def164433eb2ed (diff) | |
download | itools-09f1498ae0ee0109dd8f4a6023054d00457ea637.tar.gz itools-09f1498ae0ee0109dd8f4a6023054d00457ea637.tar.bz2 itools-09f1498ae0ee0109dd8f4a6023054d00457ea637.zip |
abort on suspicious filename. did not trigger in a month
-rw-r--r-- | it.class | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1168,8 +1168,8 @@ static function mod($a, $n) static function safe_filename($filename) { - if (it::match("\./", $filename)) - it::error(['to' => "mueller", 'title' => "fishy filename $filename"]); # FIXME 2018-08 UM should be fatal after test phase + if (it::match("\.\./", $filename)) + it::fatal(['title' => "../ contained in '$filename', aborted"]); return $filename; } |