From 9342addbd2b95f184f230773daa4faf5ef6d65e9 Mon Sep 17 00:00:00 2001
From: Michael M Slusarz
Date: Mon, 24 May 2010 23:02:25 -0600
Subject: [PATCH] Filter subdir input
---
 horde/util/icon_browser.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/horde/util/icon_browser.php b/horde/util/icon_browser.php
index e8ca6dfd2..e86b84436 100644
--- a/horde/util/icon_browser.php
+++ b/horde/util/icon_browser.php
@@ -34,7 +34,7 @@ if (($app = basename($vars->app)) && isset($apps[$app])) {
 exit(sprintf(_("Base graphics directory \"%s\" not found."), $dir));
 }
- if (($subdir = basename($vars->subdir))) {
+ if (($subdir = basename(filter_var($vars->subdir, FILTER_SANITIZE_STRING)))) {
 $dir .= DIRECTORY_SEPARATOR . $subdir;
 if (!is_dir($dir)) {
 exit(sprintf(_("Subdirectory \"%s\" not found."), $dir));
--
2.11.0
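Review bot: The added `filter_var($vars->subdir, FILTER_SANITIZE_STRING)` strips markup but is not a path check, so a `subdir` of `..` still passes `basename()` unchanged and `$dir` then resolves to the parent of the graphics directory. An explicit guard on the changed line would close that, e.g. `if (($subdir = basename($vars->subdir)) && $subdir !== '.' && $subdir !== '..') {`. If the intent is to keep request input out of the "Subdirectory ... not found" message, escaping where the value is printed is more dependable than sanitizing it on the way in: `exit(sprintf(_("Subdirectory \"%s\" not found."), htmlspecialchars($dir)));`. `FILTER_SANITIZE_STRING` also entity-encodes quotes by default, which alters legitimate directory names, and it is deprecated as of PHP 8.1. The enclosing `if (($app = ...` block starts and ends outside the hunk.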