guard against dangerous (old or new) monitor names

by rogerroger288
This commit is contained in:
Isaac Connor 2014-06-05 15:21:28 -04:00
parent baf5da9561
commit 0689e8453c
1 changed files with 3 additions and 1 deletions

View File

@ -469,7 +469,9 @@ if ( !empty($action) )
dbQuery( "update Monitors set ".implode( ", ", $changes )." where Id =?", array($mid) );
if ( isset($changes['Name']) )
{
rename( ZM_DIR_EVENTS."/".$monitor['Name'], ZM_DIR_EVENTS."/".$_REQUEST['newMonitor']['Name']);
$saferOldName = basename( $monitor['Name'] );
$saferNewName = basename( $_REQUEST['newMonitor']['Name'] );
rename( ZM_DIR_EVENTS."/".$saferOldName, ZM_DIR_EVENTS."/".$saferNewName);
}
if ( isset($changes['Width']) || isset($changes['Height']) )
{