From de50cad65ae679a602e71adddffdd74df7ea3fbb Mon Sep 17 00:00:00 2001
From: Michael Hamann <michael@content-space.de>
Date: Sat, 8 Sep 2012 13:20:28 +0200
Subject: [PATCH] Check plugin naming conventions during load FS#2464

This checks if plugin names are valid and only loads valid plugin files,
this could prevent some errors from wrong upgrades as described in
FS#2464.
---
 inc/load.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/load.php b/inc/load.php
index b676518e7..57295bd8a 100644
--- a/inc/load.php
+++ b/inc/load.php
@@ -95,7 +95,7 @@ function load_autoload($name){
     }
 
     // Plugin loading
-    if(preg_match('/^(helper|syntax|action|admin|renderer|remote)_plugin_([^_]+)(?:_([^_]+))?$/',
+    if(preg_match('/^(helper|syntax|action|admin|renderer|remote)_plugin_([a-z0-9]+)(?:_([^_]+))?$/',
                   $name, $m)) {
         // try to load the wanted plugin file
         $c = ((count($m) === 4) ? "/{$m[3]}" : '');
-- 
GitLab