diff --git a/README.md b/README.md index 8d06413..63d2705 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ##Stash -![Release](https://img.shields.io/badge/release-2.6.9-brightgreen.svg) +![Release](https://img.shields.io/badge/release-2.7.0-brightgreen.svg) This is the development version of Stash. Test thoroughly before using in production. diff --git a/composer.json b/composer.json index 6a90568..ff5c51b 100644 --- a/composer.json +++ b/composer.json @@ -13,7 +13,7 @@ }, "extra": { "branch-alias": { - "dev-dev": "2.6.*-dev" + "dev-dev": "2.7.*-dev" } } } diff --git a/system/expressionengine/third_party/stash/config.php b/system/expressionengine/third_party/stash/config.php index 809f6e3..a6c7b27 100755 --- a/system/expressionengine/third_party/stash/config.php +++ b/system/expressionengine/third_party/stash/config.php @@ -2,7 +2,7 @@ if (! defined('STASH_VER')) { define('STASH_NAME', 'Stash'); - define('STASH_VER', '2.6.9'); + define('STASH_VER', '2.7.0'); define('STASH_AUTHOR', 'Mark Croxton'); define('STASH_DOCS', 'http://github.com/croxton/Stash/'); define('STASH_DESC', 'Stash: save text and code snippets for reuse throughout your templates.'); diff --git a/system/expressionengine/third_party/stash/models/stash_model.php b/system/expressionengine/third_party/stash/models/stash_model.php index 18b2b0f..e2d61c9 100755 --- a/system/expressionengine/third_party/stash/models/stash_model.php +++ b/system/expressionengine/third_party/stash/models/stash_model.php @@ -810,6 +810,17 @@ private function _path($uri = '/', $site_id) return FALSE; } + // Blacklist of characters we don't want to allow as directory names in the cache + $bad = $this->EE->config->item('stash_static_character_blacklist') + ? (array) $this->EE->config->item('stash_static_character_blacklist') + : array(LD, RD, '<', '>', ':', '"', '\\', '|', '*', '.'); + $new_uri = str_replace($bad, '', $uri); + + if ($uri != $new_uri) + { + return FALSE; + } + // Build the path return trim($path.'/'.$site_id.'/'.trim($uri, '/')).'/'; }