diff options
| -rw-r--r-- | itjs.class | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -134,9 +134,12 @@ static function filenames($filelist) "PIE.htc" => "$libsearch/doc/PIE.htc", ); - foreach (array_filter(explode(",", basename($filelist))) as $file) + if (it::match("[^-\w.=?&,]", basename($filelist))) + it::error("bad filelist $filelist"); + + foreach (it::match("[-\w.=?&]+", basename($filelist), array('all' => true)) as $file) { - $filenames = $special[$file] ?: (file_exists("$path/" . it::replace(array('[\?\x00].*' => ""), $file)) ? "$path/$file" : "$libsearch/itjs/$file"); + $filenames = $special[$file] ?: (file_exists("$path/$file") ? "$path/$file" : "$libsearch/itjs/$file"); foreach (explode(",", $filenames) as $filename) if (!$seen[$filename]++) |