
new PARAM_SAFEDIR - fast cleaning for directories used in include() a…

…nd require() such as themes, plug-ins, formats...
1 parent 69731e2 commit 3fa1abaa4013a4aee0f5315b70b3c57bf052c774 skodak committed Jul 4, 2005
Showing with 5 additions and 0 deletions.
  1. +5 −0 lib/moodlelib.php
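--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -109,6 +109,7 @@
 define('PARAM_BOOL', 0x0800); //convert to value 1 or 0 using empty()
 define('PARAM_CLEANHTML',0x1000); //actual HTML code that you want cleaned and slashes removed
 define('PARAM_ALPHAEXT', 0x2000); // PARAM_ALPHA plus the chars in quotes: "/-_" allowed
+define('PARAM_SAFEDIR', 0x4000); // safe directory name, suitable for include() and require()
 /**
 * Definition of page types
@@ -222,6 +223,10 @@ function clean_param($param, $options) {
 $param = strip_tags($param);
 }
+ if ($options & PARAM_SAFEDIR) { // Remove everything not a-zA-Z0-9_-
+ $param = eregi_replace('[^a-zA-Z0-9_-]', '', $param);
+ }
+
 if ($options & PARAM_CLEANFILE) { // allow only safe characters
 $param = clean_filename($param);
 }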
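Review bot: The PARAM_SAFEDIR branch in clean_param() guarantees the character set of the result but not that it is non-empty, so input made up only of stripped characters comes back as `''`, and a caller that concatenates it into an include() or require() path would then resolve to the parent directory rather than a theme, plug-in or format directory. Callers should treat an empty result as invalid and fall back to a known default, and the constant's comment could state that, e.g. `// safe directory name (may be empty after cleaning); check before include()/require()`. The POSIX ereg family is, as far as I know, not binary-safe, and the case-insensitive variant is redundant next to the explicit `a-zA-Z` class; `$param = preg_replace('/[^a-zA-Z0-9_-]/', '', $param);` applies the same filter through PCRE. clean_param() starts and ends outside this hunk, so how this branch combines with the other PARAM_* flags cannot be checked from here.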
