From e424ddbfda30cf8119f8555509f44f9d554d974f Mon Sep 17 00:00:00 2001
From: Peter Goodhall <peter@magicbug.co.uk>
Date: Tue, 20 Jul 2021 18:53:53 +0100
Subject: [PATCH] [Install] Filter Directory name

---
 install/includes/core_class.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/install/includes/core_class.php b/install/includes/core_class.php
index 441962bc..c4015f23 100644
--- a/install/includes/core_class.php
+++ b/install/includes/core_class.php
@@ -9,7 +9,7 @@ class Core {
 		$counter = 0;
 
 		// Validate the hostname
-		if(isset($data['hostname']) AND !empty($data['hostname'])) {
+		if(isset($data['hostname']) AND !empty($data['hostname']) AND filter_var($data['hostname'], FILTER_SANITIZE_URL)) {
 			$counter++;
 		}
 		// Validate the username
@@ -25,8 +25,14 @@ class Core {
 			$counter++;
 		}
 
+		if(!preg_match("~0-9A-Za-z-/+~", $data['directory'])) {
+			// pass
+		} else {
+			return false;
+		}
+
 		// Check if all the required fields have been entered
-		if($counter == '3') {
+		if($counter == '4') {
 			return true;
 		}
 		else {