[0000281] Filename saitization added

[fa-stable.git] / includes / main.inc

diff --git a/includes/main.inc b/includes/main.inc
index b89f4496d4cc5ac0699aa3a30b8cc4224d0fccbc..3d94aeb6900d1a85583ece6eef587f33015c96b9 100644 (file)
--- a/includes/main.inc
+++ b/includes/main.inc
@@ -343,5 +343,13 @@ function find_custom_file($rep)
 
        return null;
 }
+/*
+       
+       Protect against directory traversal.
+       Changes all not POSIX compatible chars to underscore.
+*/
+function clean_file_name($filename) {
+    return preg_replace('/[^a-zA-Z0-9.\-_]/', '_', $filename);
+}
 
 ?>
\ No newline at end of file