bug #602, less strict check on section url parameter

git cherry-pick f93a312e08
2026-03-28 17:42:57 +01:00 · 2017-01-04 14:12:36 +01:00
parent 239cb04181
commit e309cfdc8a
1 changed files with 1 additions and 1 deletions
--- a/admin/plugin.php
+++ b/admin/plugin.php
@@ -39,7 +39,7 @@ for ($i=0; $i<count($sections); $i++)
    continue;
  }

-  if ($sections[$i] == '..' or !preg_match('/^[a-zA-Z_\.-]+$/', $sections[$i]))
+  if ($sections[$i] == '..' or !preg_match('/^[a-zA-Z0-9_\.-]+$/', $sections[$i]))
  {
    die('invalid section token ['.htmlentities($sections[$i]).']');
  }