do not delegate cleanup to callers but enforce it here as well, thanks Martín for suggestion

git-svn-id: http://dev.piwik.org/svn/trunk@7779 59fd770c-687e-43c8-a1e3-f5a4ff64c105
author: mattpiwik <matthieu.aubry@gmail.com> 2013-01-18 06:05:48 +0400
committer: mattpiwik <matthieu.aubry@gmail.com> 2013-01-18 06:05:48 +0400
commit: b7562e440ac86ce753fc18112b384b3a7cd489de (patch)
tree: 63d9ef1eba97b8b25f15388deac7e537b2a8b6da /core/CacheFile.php
parent: 3c632e700d3605c5c7f78b9ec2dbeea04a97d575 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/core/CacheFile.php b/core/CacheFile.php
index 146e450e6e..2fc217844a 100644
--- a/core/CacheFile.php
+++ b/core/CacheFile.php
@@ -50,6 +50,8 @@ class Piwik_CacheFile
 		if(empty($id)) {
 			return false;
 		}
+		$id = $this->cleanupId($id);
+
 		$cache_complete = false;
 		$content = '';
 
@@ -63,6 +65,14 @@ class Piwik_CacheFile
 		return false;
 	}
 
+	protected function cleanupId($id)
+	{
+		if(!Piwik_Common::isValidFilename($id)) {
+			throw new Exception("Invalid cache ID request $id");
+		}
+		return $id;
+	}
+
 	/**
 	 * A function to store content a cache entry.
 	 *
@@ -82,6 +92,7 @@ class Piwik_CacheFile
 		if (!is_writable($this->cachePath)) {
 			return false;
 		}
+		$id = $this->cleanupId($id);
 	
 		$id = $this->cachePath . $id . '.php';
 
@@ -123,6 +134,8 @@ class Piwik_CacheFile
 		if(empty($id)) {
 			return false;
 		}
+		$id = $this->cleanupId($id);
+
 		$filename = $this->cachePath . $id . '.php';
 		if (file_exists($filename)) {
 			@unlink ($filename);
author	mattpiwik <matthieu.aubry@gmail.com>	2013-01-18 06:05:48 +0400
committer	mattpiwik <matthieu.aubry@gmail.com>	2013-01-18 06:05:48 +0400
commit	b7562e440ac86ce753fc18112b384b3a7cd489de (patch)
tree	63d9ef1eba97b8b25f15388deac7e537b2a8b6da /core/CacheFile.php
parent	3c632e700d3605c5c7f78b9ec2dbeea04a97d575 (diff)