From 025f537074a22ce1f1933638f82ef7d4b79729ca Mon Sep 17 00:00:00 2001
From: Jack-Benny Persson
Date: Sat, 5 Jul 2014 10:40:49 +0200
Subject: [PATCH] Added regexp to strip away any special chars from filename
---
 user/editfile.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/user/editfile.php b/user/editfile.php
index 208aed0..6d129f1 100644
--- a/user/editfile.php
+++ b/user/editfile.php
@@ -3,8 +3,13 @@ require ("../includes/content.php");
 require ("../includes/miscfunc.php");
 require ("../includes/htmlcode.php");
-//Make some form of control below, this is unsafe...
-$file = Page::$parentDir . Page::$contentFolder . $_GET['file'];
+/*regexp to strip away '..', '/' and so forth. Filename must now be in the
+ format of myfile.ext, where myfile can be 1 to 20 chars long (including '-'
+ and '_') and ext can be
+ from 1 to 4 chars.*/
+$filename = $_GET['file'];
+preg_match_all("/[a-z_\-0-9]{1,30}\.[a-z]{1,4}/i", $filename, $checkedFilename);
+$file = Page::$parentDir . Page::$contentFolder . $checkedFilename[0][0];
 if(isset($_POST['content']))
 {
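Review bot: The added `preg_match_all` call pulls the first filename-shaped substring out of `$_GET['file']` rather than validating the whole value, and `$checkedFilename[0][0]` is used without checking that anything matched. When there is no match, or `file` is absent or sent as an array, that index is undefined and `$file` collapses to the bare content directory; when there is a match, a value with extra path segments is silently rewritten to a different file instead of being rejected. I would anchor the pattern with `\A…\z`, switch to `preg_match`, and stop with an error on failure, as in the sketch below; note too that the comment says 1 to 20 characters while the pattern allows 30. The pattern also accepts any 1–4 letter extension, so if the content folder is served by the web server (not visible in this hunk) an extension allow-list is worth adding. The code that reads and writes `$file` continues outside the hunk.

```php
// … unchanged: comment describing the accepted filename format …
$filename = isset($_GET['file']) ? $_GET['file'] : '';
if (!is_string($filename)
    || preg_match('/\A[a-z0-9_-]{1,30}\.[a-z]{1,4}\z/i', $filename) !== 1) {
    http_response_code(400);
    exit('Invalid file name');
}
$file = Page::$parentDir . Page::$contentFolder . $filename;
```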