diff options
Diffstat (limited to 'phpBB/phpbb/cache')
| -rw-r--r-- | phpBB/phpbb/cache/driver/file.php | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/phpBB/phpbb/cache/driver/file.php b/phpBB/phpbb/cache/driver/file.php index fd5bce4515..9a7c4aec7f 100644 --- a/phpBB/phpbb/cache/driver/file.php +++ b/phpBB/phpbb/cache/driver/file.php @@ -279,6 +279,7 @@ class file extends \phpbb\cache\driver\base if ($var_name[0] == '_') { global $phpEx; + $var_name = $this->clean_varname($var_name); return file_exists($this->cache_dir . 'data' . $var_name . ".$phpEx"); } else @@ -334,6 +335,7 @@ class file extends \phpbb\cache\driver\base { global $phpEx; + $filename = $this->clean_varname($filename); $file = "{$this->cache_dir}$filename.$phpEx"; $type = substr($filename, 0, strpos($filename, '_')); @@ -516,6 +518,7 @@ class file extends \phpbb\cache\driver\base { global $phpEx; + $filename = $this->clean_varname($filename); $file = "{$this->cache_dir}$filename.$phpEx"; $lock = new \phpbb\lock\flock($file); @@ -584,4 +587,15 @@ class file extends \phpbb\cache\driver\base return $return_value; } + + /** + * Replace slashes in the file name + * + * @param string $varname name of a cache variable + * @return string $varname name that is safe to use as a filename + */ + protected function clean_varname($varname) + { + return str_replace('/', '-', $varname); + } } |