Filter subdir input

author Michael M Slusarz <slusarz@curecanti.org>

Tue, 25 May 2010 05:02:25 +0000 (23:02 -0600)

committer Michael M Slusarz <slusarz@curecanti.org>

Tue, 25 May 2010 05:17:56 +0000 (23:17 -0600)
author Michael M Slusarz <slusarz@curecanti.org>
Tue, 25 May 2010 05:02:25 +0000 (23:02 -0600)
committer Michael M Slusarz <slusarz@curecanti.org>
Tue, 25 May 2010 05:17:56 +0000 (23:17 -0600)
diff --git a/horde/util/icon_browser.php b/horde/util/icon_browser.php

index e8ca6df..e86b844 100644 (file)
--- a/horde/util/icon_browser.php
+++ b/horde/util/icon_browser.php
@@ -34,7 +34,7 @@ if (($app = basename($vars->app)) && isset($apps[$app])) {
          exit(sprintf(_("Base graphics directory \"%s\" not found."), $dir));
      }
  
-    if (($subdir = basename($vars->subdir))) {
+    if (($subdir = basename(filter_var($vars->subdir, FILTER_SANITIZE_STRING)))) {
          $dir .= DIRECTORY_SEPARATOR . $subdir;
          if (!is_dir($dir)) {
              exit(sprintf(_("Subdirectory \"%s\" not found."), $dir));
author	Michael M Slusarz <slusarz@curecanti.org>
	Tue, 25 May 2010 05:02:25 +0000 (23:02 -0600)
committer	Michael M Slusarz <slusarz@curecanti.org>
	Tue, 25 May 2010 05:17:56 +0000 (23:17 -0600)