Permalink
Browse files

Protect admins from themselves - in case an admin changed the

watermark.name setting to something terrible by accident via Admin >
Advanced, we'll just use the basename.  Fixes #1977.
  • Loading branch information...
1 parent 92c2640 commit 9ef891858ca6ccf4213c5981868c6175cb2cde47 @bharat bharat committed Jan 30, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 modules/watermark/controllers/admin_watermarks.php
@@ -66,7 +66,7 @@ public function delete() {
$form = watermark::get_delete_form();
if ($form->validate()) {
- if ($name = module::get_var("watermark", "name")) {
+ if ($name = basename(module::get_var("watermark", "name"))) {
@unlink(VARPATH . "modules/watermark/$name");
module::clear_var("watermark", "name");

0 comments on commit 9ef8918

Please sign in to comment.