From 73004cf10a28b8f0b9420c44440a5c56b0406257 Mon Sep 17 00:00:00 2001
From: Nathan Gass
Date: Mon, 8 Sep 2025 10:33:15 +0200
Subject: revert handling of - in it::safe_filename, we do not know if
 php://stdin or php://stdout is meant without context

---
 it.class | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/it.class b/it.class
index 327b7ee..83cdfba 100644
--- a/it.class
+++ b/it.class
@@ -1185,7 +1185,7 @@ static function file_get($filename, $p = array())
 {
 	if (isset($p['it_cache']) && ($key = "it_file_get_" . md5(json_encode([$filename, $p]))) && ($result = it_cache::get($key, $p['it_cache'])) !== null)
 		return $result;
-	elseif (($data = it::file_get_contents($filename)) !== false)
+	elseif (($data = it::file_get_contents($filename == "-" ? "php://stdin" : $filename)) !== false)
 	{
 		if ($p['keyval'])
 		{
@@ -1318,7 +1318,7 @@ static function safe_filename($filename)
 {
 	if (it::match("\.\./", $filename))
 		it::fatal(['title' => "../ contained in '$filename', aborted"]);
-	$filename = it::replace(['^/dev/fd/(\d+)$' => 'php://fd/$1', '^-$' => 'php://stdin'], $filename);
+	$filename = it::replace(['^/dev/fd/(\d+)$' => 'php://fd/$1'], $filename);
 
 	return $filename;
 }
-- 
cgit v1.2.3