From 686c4181e35c1b248dd95d502524cdc11a86c6d4 Mon Sep 17 00:00:00 2001
From: Anthony Ferrara
Date: Tue, 20 Jan 2015 16:10:19 -0500
Subject: [PATCH] Fix potential file-include vulnerability

Fix potential file-include vulnerability by adding `EXTR_SKIP` to extract so it doesn't overwrite `$params` array.
---
 include/layout.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/layout.inc b/include/layout.inc
index 4b7d29efd5..9fc583b046 100644
--- a/include/layout.inc
+++ b/include/layout.inc
@@ -396,7 +396,7 @@ function print_view($templateName, array $params = array()) {
 $path = $_SERVER['DOCUMENT_ROOT'] . '/views/' . $templateName;
 if(file_exists($path)) {
 if(!empty($params)) {
- extract($params);
+ extract($params, EXTR_SKIP);
 }
 include_once $path;
 }
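Review bot: `EXTR_SKIP` only protects variables that already exist when `extract()` runs, so the guard on `include_once $path;` holds only while `$path` is assigned before the `extract($params, EXTR_SKIP);` call. Nothing in the code records that ordering; a comment above the call such as `// EXTR_SKIP: keys in $params must never replace $path, $templateName or $params before the include` would keep a later refactor from undoing the fix. A `$params` key named `path` or `templateName` is now skipped silently, so the template sees the function's own value. Running the include in a scope that holds only the template variables would remove both the collision and the ordering dependency. Separately, `$templateName` is concatenated into `$path` with no validation visible in this hunk, so if any caller derives it from request data the include target is still caller-controlled. `print_view` starts above the hunk and its end is not shown, so a check may exist elsewhere.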