diff options
Diffstat (limited to 'inc/search.php')
| -rw-r--r-- | inc/search.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/inc/search.php b/inc/search.php index 584e684ff..b4d5f1274 100644 --- a/inc/search.php +++ b/inc/search.php @@ -205,6 +205,11 @@ function search_media(&$data,$base,$file,$type,$lvl,$opts){ $info = array(); $info['id'] = pathID($file,true); + if($info['id'] != cleanID($info['id'])){ + if($opts['showmsg']) + msg(hsc($info['id']).' is not a valid file name for DokuWiki - skipped',-1); + return false; // skip non-valid files + } //check ACL for namespace (we have no ACL for mediafiles) if(auth_quickaclcheck(getNS($info['id']).':*') < AUTH_READ){ |