From d94348421d8d791eec29afd2e01fb1c9ba181de1 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 16 Aug 2019 09:31:16 +0300
Subject: [PATCH] use clean_filename() instead of basename()/clean()
 combinations in a bunch of places

---
 classes/backend.php    | 2 +-
 classes/pluginhost.php | 2 +-
 classes/rpc.php        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/classes/backend.php b/classes/backend.php
index 5bd724728..122e28c65 100644
--- a/classes/backend.php
+++ b/classes/backend.php
@@ -88,7 +88,7 @@ class Backend extends Handler {
 	}
 
 	function help() {
-		$topic = basename(clean($_REQUEST["topic"])); // only one for now
+		$topic = clean_filename($_REQUEST["topic"]); // only one for now
 
 		if ($topic == "main") {
 			$info = get_hotkeys_info();
diff --git a/classes/pluginhost.php b/classes/pluginhost.php
index 9330e9e5e..eab808ae9 100755
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -186,7 +186,7 @@ class PluginHost {
 
 		foreach ($plugins as $class) {
 			$class = trim($class);
-			$class_file = strtolower(basename($class));
+			$class_file = strtolower(clean_filename($class));
 
 			if (!is_dir(__DIR__."/../plugins/$class_file") &&
 					!is_dir(__DIR__."/../plugins.local/$class_file")) continue;
diff --git a/classes/rpc.php b/classes/rpc.php
index 8736cbb65..84c9cfe92 100755
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -572,7 +572,7 @@ class RPC extends Handler_Protected {
 
 	function log() {
 		$msg = clean($_REQUEST['msg']);
-		$file = basename(clean($_REQUEST['file']));
+		$file = clean_filename($_REQUEST['file']);
 		$line = (int) clean($_REQUEST['line']);
 		$context = clean($_REQUEST['context']);
 
-- 
GitLab