Protect admins from themselves - in case an admin changed the

watermark.name setting to something terrible by accident via Admin > Advanced, we'll just use the basename. Fixes #1977.
author: Bharat Mediratta <bharat@menalto.com> 2013-01-30 18:45:49 -0500
committer: Bharat Mediratta <bharat@menalto.com> 2013-01-30 18:45:49 -0500
commit: 9ef891858ca6ccf4213c5981868c6175cb2cde47 (patch)
tree: c271b1837f67eba80aac19c48dba29522d4e8b08 /modules
parent: 92c264033a23cd9e7473a60948760baefd488407 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php
index 1cc0c392..2d656c9f 100644
--- a/modules/watermark/controllers/admin_watermarks.php
+++ b/modules/watermark/controllers/admin_watermarks.php
@@ -66,7 +66,7 @@ class Admin_Watermarks_Controller extends Admin_Controller {
 
     $form = watermark::get_delete_form();
     if ($form->validate()) {
-      if ($name = module::get_var("watermark", "name")) {
+      if ($name = basename(module::get_var("watermark", "name"))) {
         @unlink(VARPATH . "modules/watermark/$name");
 
         module::clear_var("watermark", "name");
author	Bharat Mediratta <bharat@menalto.com>	2013-01-30 18:45:49 -0500
committer	Bharat Mediratta <bharat@menalto.com>	2013-01-30 18:45:49 -0500
commit	9ef891858ca6ccf4213c5981868c6175cb2cde47 (patch)
tree	c271b1837f67eba80aac19c48dba29522d4e8b08 /modules
parent	92c264033a23cd9e7473a60948760baefd488407 (diff)