frio: sanitize $schema only if the variable is initialized

This commit is contained in:
rabuzarus 2017-10-24 14:44:31 +02:00
parent 2687a42e3c
commit 578dc6f967

View File

@ -61,7 +61,9 @@ if ($_REQUEST['schema']) {
$schema = $_REQUEST['schema'];
}
$schema = basename($schema);
// Sanitize the data.
$schema = !empty($schema) ? basename($schema) : "";
if (($schema) && ($schema != '---')) {
if (file_exists('view/theme/frio/schema/' . $schema . '.php')) {