fix problem reported by Fabio Ciuffani / John Leitch <john@autosectools.com>

Ralf Becker 2011-08-03 07:18:17 +00:00
parent 11da1388eb
commit 050875995c


@ -67,6 +67,7 @@ if (is_object($cmd))
// check if requests contains a reasonable looking admin command to be queued
if (!$_REQUEST['uid'] || // no uid
!$_REQUEST['type'] || // no command class name
!preg_match('/^[a-z0-9_]+$/i', $_REQUEST['type']) || // type is a (autoloadable) class name, prevent inclusion of arbitrary files
!$_REQUEST['creator_email']) // no creator email
{
header("HTTP/1.1 200 Bad format!");
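Review bot: The `preg_match` check on `$_REQUEST['type']` (apparently the line this commit adds) anchors with `$`, which in PCRE also matches just before a trailing newline, so a value ending in a newline still passes as a class name. Anchor the end strictly with the `D` modifier or `\z`, e.g. `!preg_match('/^[a-z0-9_]+$/iD', $_REQUEST['type']) ||`. The pattern also accepts any autoloadable class name, not only admin command classes. If the code after this hunk does not already confirm that the class is an admin command subclass before instantiating it, that check belongs there as well. The enclosing `if` body continues outside the hunk, so this could not be confirmed from the visible lines.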