X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Fnodes.php;h=22ec5fc1dbe0da8e42de021ce7f53e2c9665df51;hb=9850bdc46997f51024a8e6d2dc183e8745eacf78;hp=ef084411e09ba510e153f8fb35e52f64f31739a3;hpb=fd15ea3a496d31453e21ac89ff4be0ae3fe671ef;p=mirrors%2FKyberia-bloodline.git
diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index ef08441..22ec5fc 100644
--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -72,9 +72,10 @@ $smarty->cache_dir = SMARTY_DIR.'cache/';
 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
 if ($_SESSION['debugging']) $smarty->debugging=true;
-//initializing variables
+// initializing variables
+// preg_replace prevents LFI
 if (empty($_POST['event'])) $event=false;
-else $event=$_POST['event'];
+else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
 if ($_SESSION['debugging']) {
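Review bot: The new `else` branch rewrites the input instead of rejecting it and never checks the type of `$_POST['event']`: a request sending `event[]=...` passes `empty()` and makes `preg_replace` return an array, while an input made only of stripped characters leaves `$event` as `''` rather than `false`. How `$event` is used afterwards is outside this hunk, so the effect of those two cases is not visible here, but a validate-or-reject form keeps the variable either a well-formed name or `false`: `else $event = (is_string($_POST['event']) && preg_match('/\A[a-zA-Z0-9_]+\z/', $_POST['event'])) ? $_POST['event'] : false;`. The comment `// preg_replace prevents LFI` would help the next maintainer more if it named the include that consumes `$event`, and if event names form a fixed set, checking against that list at the include site is the stronger control.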