lucidergs/dragon_fire
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

feat: use a proper path sanitization function for permitted paths

Browse source
This commit is contained in:
David Bailey 2023-12-20 18:50:07 +01:00
parent b552562f31
commit eb87a78625
2 changed files with 26 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
www/post_adapter.php
View file

@ -64,7 +64,7 @@ class PostHandler extends MySQLAdapter {
function save_markdown_post($post_path, $post_data) {
$frontmatter_post = YamlFrontMatter::parse($post_data);
$post_path = chop($post_path, '/');
$post_path = $this->_sanitize_path($post_path);
$post_content = $frontmatter_post->body();
$post_metadata = $frontmatter_post->matter();