-rw-r--r--lib/exe/css.php2
-rw-r--r--lib/plugins/config/settings/config.class.php1
-rw-r--r--lib/plugins/config/settings/config.metadata.php7
3 files changed, 6 insertions, 4 deletions
diff --git a/lib/exe/css.php b/lib/exe/css.php
index 11ae2e828..0aa26de13 100644
--- a/lib/exe/css.php
+++ b/lib/exe/css.php
@@ -41,7 +41,7 @@ function css_out(){
break;
}
- $tpl = trim(preg_replace('/[^\w]+/','',$_REQUEST['t']));
+ $tpl = trim(preg_replace('/[^\w-]+/','',$_REQUEST['t']));
if($tpl){
$tplinc = DOKU_INC.'lib/tpl/'.$tpl.'/';
$tpldir = DOKU_BASE.'lib/tpl/'.$tpl.'/';
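Review bot: The character class on the `$tpl` line is the only guard between `$_REQUEST['t']` and the filesystem path built on the following two lines, and nothing in the code records that. A comment such as `// $tpl becomes part of a filesystem path below: this class must never admit '.' or '/'` would stop a later widening, like this one, from opening a path traversal. The line also assumes a string: an array-valued `t` makes `preg_replace` return an array, which is then passed to `trim()`, so an `is_string($_REQUEST['t'])` check before the filter is worth adding. css_out() begins and ends outside this hunk.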
diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php
index 71e69b4c8..4b77d7065 100644
--- a/lib/plugins/config/settings/config.class.php
+++ b/lib/plugins/config/settings/config.class.php
@@ -628,6 +628,7 @@ if (!class_exists('setting_dirchoice')) {
if ($dh = @opendir($this->_dir)) {
while (false !== ($entry = readdir($dh))) {
if ($entry == '.' || $entry == '..') continue;
+ if ($this->_pattern && !preg_match($this->_pattern,$entry)) continue;
$file = (is_link($this->_dir.$entry)) ? readlink($this->_dir.$entry) : $entry;
if (is_dir($this->_dir.$file)) $list[] = $entry;
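Review bot: The added `preg_match` filter treats a pattern error the same as a non-match. `preg_match` returns `false` for a malformed `_pattern`, so `!preg_match(...)` is true and every entry is skipped, leaving an empty selection list with no hint of the cause. Failing closed is the safe direction, but a comment would make it deliberate, e.g. `// a non-matching or invalid _pattern excludes the entry (fail closed)`. The filter also checks `$entry` only, not the `readlink()` target used for the `is_dir()` test on the next lines, so a symlink with a conforming name is still listed whatever it points to. The enclosing method starts and ends outside this hunk.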
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index 52db12a5e..55ddb1e55 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -22,7 +22,8 @@
* 'email' - text input, input must conform to email address format, setting output in quotes
* 'password' - password input, minimal input validation, setting output plain text in quotes
* 'dirchoice' - as multichoice, selection choices based on folders found at location specified in _dir
- * parameter (required)
+ * parameter (required). A pattern can be used to restrict the folders to only those which
+ * match the pattern.
* 'multicheckbox'- a checkbox for each choice plus an "other" string input, config file setting is a comma
* separated list of checked choices
* 'fieldset' - used to group configuration settings, but is not itself a setting. To make this clear in
@@ -41,7 +42,7 @@
*
* Defined parameters:
* '_pattern' - string, a preg pattern. input is tested against this pattern before being accepted
- * optional all classes, except onoff, multichoice & dirchoice which ignore it
+ * optional all classes, except onoff & multichoice which ignore it
* '_choices' - array of choices. used to populate a selection box. choice will be replaced by a localised
* language string, indexed by <setting name>_o_<choice>, if one exists
* required by 'multichoice' & 'multicheckbox' classes, ignored by others
@@ -80,7 +81,7 @@ $meta['_basic'] = array('fieldset');
$meta['title'] = array('string');
$meta['start'] = array('string');
$meta['lang'] = array('dirchoice','_dir' => DOKU_INC.'inc/lang/');
-$meta['template'] = array('dirchoice','_dir' => DOKU_INC.'lib/tpl/');
+$meta['template'] = array('dirchoice','_dir' => DOKU_INC.'lib/tpl/','_pattern' => '/^[\w-]+$/');
$meta['savedir'] = array('savedir');
$meta['basedir'] = array('string');
$meta['baseurl'] = array('string');
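Review bot: The `_pattern` added to `$meta['template']` ends in `$` without the `D` modifier, so it also accepts a name followed by a single trailing newline. `'/^[\w-]+$/D'` anchors at the true end of the string. Exposure is small because the names come from `readdir()`, but the stricter anchor keeps this allow-list in exact agreement with the `[^\w-]` strip in lib/exe/css.php, which would drop that newline and resolve a different directory name. `$meta['lang']` on the line above uses the same `dirchoice` type with no pattern; whether that is intended is not visible here.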