
Add a preg_match() check to the requested site

1 parent e22448f commit 05a1ab6ce0080e90d7dd2f5d66e999466e270fe7 @haraldpdl haraldpdl committed Feb 6, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 osCommerce/OM/Core/OSCOM.php
@@ -58,7 +58,7 @@ public static function setSite($site = null) {
if ( !empty($_GET) ) {
$requested_site = HTML::sanitize(basename(key(array_slice($_GET, 0, 1, true))));
- if ( static::siteExists($requested_site) ) {
+ if ( preg_match('/^[A-Z][A-Za-z0-9-_]*$/', $requested_site) && static::siteExists($requested_site) ) {
$site = $requested_site;
} else {
$site = static::getDefaultSite();
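Review bot: The allow-list pattern on the added line ends with `$`, which in PCRE also matches just before a trailing newline, so a valid name followed by a newline would still pass unless `HTML::sanitize()` (not visible here) already strips it; anchoring with `\z` closes that gap. The class `[A-Za-z0-9-_]` also relies on PCRE treating a hyphen that follows a range as a literal, which is easy to misread as a `9`-to-`_` range, so placing the hyphen last is clearer. I would write `if ( preg_match('/^[A-Z][A-Za-z0-9_-]*\z/', $requested_site) === 1 && static::siteExists($requested_site) ) {` and add a one-line comment stating that the request-supplied site name is restricted to this character set before `siteExists()` looks it up. `setSite()` begins before this hunk and continues past it, so how `$site` is used afterwards is not visible here.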
