From: Brett Profitt
Date: Mon, 14 May 2012 18:50:40 +0000 (-0700)
Subject: Fixes possible XSS vector.
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=f2173ecfae41c83c8200024d4b7bd6e0c7202f7a;p=lorea%2Felgg.git
Fixes possible XSS vector.
---
diff --git a/engine/lib/views.php b/engine/lib/views.php
index ca0ce7196..1b013be6f 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -103,7 +103,10 @@ function elgg_get_viewtype() {
 $viewtype = get_input('view', NULL);
 if ($viewtype) {
- return $viewtype;
+ // only word characters allowed.
+ if (!preg_match('[\W]', $viewtype)) {
+ return $viewtype;
+ }
 }
 if (isset($CONFIG->view) && !empty($CONFIG->view)) {
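Review bot: The added guard `if (!preg_match('[\W]', $viewtype))` fails open, because it accepts the value whenever preg_match() does not report a match, and that includes the `false` it returns on an error. On the PHP versions of this era a non-string subject also produces a warning and a falsy result, so the value would still reach `return $viewtype;`. A positive allowlist fails closed instead: `if (is_string($viewtype) && preg_match('/^\w+$/D', $viewtype) === 1) {`. The pattern `'[\W]'` reads like a character class, but the brackets are acting as the PCRE delimiters, so conventional `/…/` delimiters would make the intent clearer to the next reader. Whether get_input() can return a non-string here is not visible in this hunk, and the body of elgg_get_viewtype() continues outside it.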