From 0cbe4a256be369c144a04d6a968bc66c18c4e0ac Mon Sep 17 00:00:00 2001
From: Michael Hamann
Date: Sun, 8 Jul 2012 19:54:35 +0200
Subject: Check that animal name is a string, better error message if not
---
 inc/farm.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/inc/farm.php b/inc/farm.php
index 51b0c0f78..37ae24c16 100644
--- a/inc/farm.php
+++ b/inc/farm.php
@@ -46,9 +46,9 @@ function conf_path($farm) {
 if(isset($_REQUEST['animal']) || ('cli' == php_sapi_name() && isset($_SERVER['animal']))) {
 $mode = isset($_REQUEST['animal']) ? 'htaccess' : 'cli';
 $animal = $mode == 'htaccess' ? $_REQUEST['animal'] : $_SERVER['animal'];
- // check that $animal specifies a subdirectory of $farm
- if (strpos(fullpath($farm.'/'.$animal), fullpath($farm).'/') !== 0)
- nice_die('Sorry! Invalid Wiki name!');
+ // check that $animal is a string and specifies a subdirectory of $farm
+ if (!is_string($animal) || strpos(fullpath($farm.'/'.$animal), fullpath($farm).'/') !== 0)
+ nice_die('Sorry! Invalid animal name!');
 if(!is_dir($farm.'/'.$animal))
 nice_die("Sorry! This Wiki doesn't exist!");
 if(!defined('DOKU_FARM')) define('DOKU_FARM', $mode);
-- 
cgit v1.2.3
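Review bot: The containment test in the new `if` still accepts multi-segment values such as `a/b`, so any existing directory anywhere below `$farm` passes both this check and the `is_dir()` that follows. If an animal is meant to be a direct child of the farm directory, the guard should also reject path separators, e.g. `if (!is_string($animal) || strpbrk($animal, '/\\') !== false || strpos(fullpath($farm.'/'.$animal), fullpath($farm).'/') !== 0)`. The result also rests on `fullpath()`, which is not visible here; if it only normalises the path lexically and does not resolve symlinks, a symlink inside the farm directory would pass, so that assumption deserves a comment. The `is_string()` test would read better with a short why-comment such as `// request parameters can arrive as arrays, which must not reach the path concatenation`. `conf_path()` starts and ends outside the hunk.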