From c3d14e1fa54c7dade7b1b7955575e2991396d7ef Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 14 Sep 2020 19:46:52 +0300
Subject: - fix multiple vulnerabilities in af_proxy_http - fix vulnerability
 in rewrite_relative_url() which prevented some URLs from being properly
 absolutized - fetch_file_contents: validate all URLs before requesting them -
 validate URLs: explicitly whitelist http and https scheme, forbid everything
 else - DiskCache/cached_url: only serve whitelisted content types (images,
 video) - simplify filename/URL handling code, remove and consolidate some
 less-used functions

---
 classes/pluginhost.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'classes/pluginhost.php')

diff --git a/classes/pluginhost.php b/classes/pluginhost.php
index 4fec13000..c6c036783 100755
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -193,7 +193,7 @@ class PluginHost {
 
 		foreach ($plugins as $class) {
 			$class = trim($class);
-			$class_file = strtolower(clean_filename($class));
+			$class_file = strtolower(basename(clean($class)));
 
 			if (!is_dir(__DIR__."/../plugins/$class_file") &&
 					!is_dir(__DIR__."/../plugins.local/$class_file")) continue;
-- 
cgit v1.2.3-54-g00ecf