LocalFileInclude security fix

diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index ef084411e09ba510e153f8fb35e52f64f31739a3..22ec5fc1dbe0da8e42de021ce7f53e2c9665df51 100644 (file)
--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -72,9 +72,10 @@ $smarty->cache_dir = SMARTY_DIR.'cache/';
 $smarty->plugins_dir = SMARTY_PLUGIN_DIR ;
 if ($_SESSION['debugging']) $smarty->debugging=true;
 
-//initializing variables
+// initializing variables
+// preg_replace prevents LFI
 if (empty($_POST['event'])) $event=false;
-else $event=$_POST['event'];
+else $event= preg_replace( "![^a-zA-Z0-9_]+!", "", $_POST['event']);
 
 
 if ($_SESSION['debugging']) {