This is the actual security fix

2025-04-26 17:29:21 +02:00 · 2021-07-05 02:59:41 +02:00 · 2021-07-05 02:59:41 +02:00 · a2a773d714
commit a2a773d714
parent aa26a71949
1 changed files with 1 additions and 1 deletions
--- a/index.php
+++ b/index.php
@ -334,7 +334,7 @@ if($load_it)
 		}
 	} else {
 		$file = SYSTEM . 'pages/' . $page . '.php';
-		if(!@file_exists($file))
+		if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page))
 		{
 			$page = '404';
 			$file = SYSTEM . 'pages/404.php';