From d7e203374954cc0674e01ef210a3179e7294597f Mon Sep 17 00:00:00 2001
From: Edoardo Vacchi
Date: Wed, 20 Nov 2013 12:33:50 +0100
Subject: [PATCH] fix incorrect static id handling
---
 fp-includes/core/core.static.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/fp-includes/core/core.static.php b/fp-includes/core/core.static.php
index cc50e41..6a6a769 100755
--- a/fp-includes/core/core.static.php
+++ b/fp-includes/core/core.static.php
@@ -24,15 +24,23 @@
 }
 function static_parse($id) {
+ if (!static_isvalid($id)) return false;
+
 if ($fname=static_exists($id)) {
 $entry = io_load_file($fname);
 return (utils_kexplode($entry));
 }
 return array();
 }
+
+ function static_isvalid($id) {
+ return !preg_match('[^./\\\\]+');
+ }
 function static_save($entry, $id, $oldid=null) {
+ if (!static_isvalid($id)) return false;
+
 $fname = STATIC_DIR . $id . EXT;
 $entry['content'] = apply_filters('content_save_pre', $entry['content']);
@@ -51,6 +59,8 @@
 }
 function static_exists($id) {
+ if (!static_isvalid($id)) return false;
+
 $fname = STATIC_DIR . $id . EXT;
 if (file_exists($fname))
@@ -60,6 +70,8 @@
 }
 function static_delete($id) {
+ if (!static_isvalid($id)) return false;
+
 return fs_delete(STATIC_DIR . $id . EXT);
 }
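Review bot: `static_isvalid()` in the first hunk never rejects an id, so the guards added to `static_parse`, `static_save`, `static_exists` and `static_delete` (this hunk and the two after it) still let an `$id` containing `.`, `/` or `\` reach `STATIC_DIR . $id . EXT`. `preg_match()` is called without a subject, and the pattern `'[^./\\\\]+'` has no delimiters, so PCRE reads `[`…`]` as the delimiter pair and `+` as an unknown modifier. The result is also negated, so a failed call, which returns a falsy value on PHP versions that only warn, comes out as true. Anchoring the character class and testing for a match gives the intended check: `return is_string($id) && preg_match('/^[^.\/\\\\]+$/D', $id) === 1;`. `static_save` also receives `$oldid`, which is not validated here; its body continues outside the hunk, so it is worth confirming whether that value is ever joined into a path. Separately, `static_parse` now returns `false` for a rejected id but `array()` for a missing one, so callers that iterate the result should be checked.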