From 9850bdc46997f51024a8e6d2dc183e8745eacf78 Mon Sep 17 00:00:00 2001
From: niekt0
Date: Wed, 27 Oct 2010 02:05:44 +0200
Subject: [PATCH] LocalFileInclude security fix
---
 wwwroot/nodes.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index ef08441..22ec5fc 100644
--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -72,9 +72,10 @@ $smarty->cache_dir = SMARTY_DIR.'cache/';
 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
 if ($_SESSION['debugging']) $smarty->debugging=true;
-//initializing variables
+// initializing variables
+// preg_replace prevents LFI
 if (empty($_POST['event'])) $event=false;
-else $event=$_POST['event'];
+else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
 if ($_SESSION['debugging']) {
-- 
2.30.2
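Review bot: The new `else` line strips disallowed characters instead of rejecting the request, so the `empty()` test on the line above still runs on the raw value and `$event` can end up as an empty string rather than `false`; and because `preg_replace` accepts an array subject, an array-valued `event` field comes back as an array instead of a string. Validating and rejecting is tighter than rewriting the input: `else $event = (is_string($_POST['event']) && preg_match('/\A[a-zA-Z0-9_]+\z/', $_POST['event'])) ? $_POST['event'] : false;`. The code that turns `$event` into a file path is outside this hunk, so presumably that include site should also check the name against the set of known event files rather than rely on this filter alone. The added comment could then state what is enforced, e.g. `// event names are limited to [a-zA-Z0-9_]; anything else is treated as no event`.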