From e710d558834dd689162ca137de570eaf17fed62d Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs <sbrl@starbeamrainbowlabs.com>
Date: Sun, 9 Aug 2020 13:03:40 +0100
Subject: [PATCH] makepathsafe: don't allow dots on their own Specifically, we
 don't want a single dot as a page name. This is because '.' has a special
 meaning on Linux: The current directory.

---
 core/05-functions.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/05-functions.php b/core/05-functions.php
index 746ec17..429995a 100644
--- a/core/05-functions.php
+++ b/core/05-functions.php
@@ -289,6 +289,8 @@ function makepathsafe($string)
 	$string = preg_replace("/\.+/", ".", $string);
 	// Don't allow slashes at the beginning
 	$string = ltrim($string, "\\/");
+	// Don't allow dots on their own
+	$string = preg_replace(["/^\.\\/|\\/\.$/", "/\\/\.\\//"], ["", "/"], $string);
 	return $string;
 }