From 8916174c4afcabb8e14fc4bad1cd7320f14a3080 Mon Sep 17 00:00:00 2001 From: Larry Meaney Date: Tue, 30 Nov 2010 07:07:20 +0000 Subject: preg_quote the list of gedcoms when validating user input, in case any of the gedcoms have regex characters in their name --- downloadgedcom.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'downloadgedcom.php') diff --git a/downloadgedcom.php b/downloadgedcom.php index a672478f48..1343000355 100644 --- a/downloadgedcom.php +++ b/downloadgedcom.php @@ -36,7 +36,7 @@ require_once WT_ROOT.'includes/functions/functions_export.php'; if (!isset($_SESSION['exportConvPath'])) $_SESSION['exportConvPath'] = $MEDIA_DIRECTORY; if (!isset($_SESSION['exportConvSlashes'])) $_SESSION['exportConvSlashes'] = 'forward'; -$ged = safe_GET('ged', get_all_gedcoms()); +$ged = safe_GET('ged', preg_quote_array(get_all_gedcoms())); $action = safe_GET('action', 'download'); $remove = safe_GET('remove', 'yes', 'no'); $convert = safe_GET('convert', 'yes', 'no'); -- cgit v1.3