Added optional param to sanitise_filepath() that appends a / or not. Also removes...

author brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>

Wed, 4 Aug 2010 15:50:22 +0000 (15:50 +0000)

committer brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>

Wed, 4 Aug 2010 15:50:22 +0000 (15:50 +0000)
author brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Wed, 4 Aug 2010 15:50:22 +0000 (15:50 +0000)
committer brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Wed, 4 Aug 2010 15:50:22 +0000 (15:50 +0000)
diff --git a/engine/lib/input.php b/engine/lib/input.php

index e5daa70eadcd7409c71b17cbe18694f37017856c..2ddc0e64386ae742411bd7ee9c9d1f7cb17e8525 100644 (file)
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -92,15 +92,19 @@ function filter_tags($var) {
   * @param string $path The path
   * @return string
   */
-function sanitise_filepath($path) {
+function sanitise_filepath($path, $append_slash = TRUE) {
         // Convert to correct UNIX paths
         $path = str_replace('\\', '/', $path);
+       $path = str_replace('../', '/', $path);
  
         // Sort trailing slash
         $path = trim($path);
         // rtrim defaults plus /
         $path = rtrim($path, " \n\t\0\x0B/");
-       $path = $path . "/";
+
+       if ($append_slash) {
+               $path = $path . '/';
+       }
  
         return $path;
  }
author	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Wed, 4 Aug 2010 15:50:22 +0000 (15:50 +0000)
committer	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Wed, 4 Aug 2010 15:50:22 +0000 (15:50 +0000)