From acb1130082e5ab286ee41bb12a727bf2ba8034f3 Mon Sep 17 00:00:00 2001
From: Heru Subekti
Date: Fri, 27 Oct 2017 23:38:11 +0700
Subject: [PATCH] fix Abitrary File Read

fix Abitrary File Read
---
 admin/help.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin/help.php b/admin/help.php
index e59fad1c..79edf34e 100644
--- a/admin/help.php
+++ b/admin/help.php
@@ -39,7 +39,7 @@ if(isset($_GET['url']) && !empty($_GET['url'])) {
 $file_path = HELP.'/'.$sysconf['default_lang'].'/'.$_GET['url'];
- if(!file_exists($file_path)) {
+ if(!file_exists($file_path)|| !preg_match("/^.*\.(md)$/i", $file_path)) {
 echo __('File Not Found');
 } else {
 //Convert Markdown to HTML
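Review bot: The added `preg_match("/^.*\.(md)$/i", $file_path)` only constrains the extension; `$_GET['url']` is still concatenated into `$file_path` without normalisation, so a value containing `../` segments can still resolve to any readable `.md` file outside `HELP.'/'.$sysconf['default_lang']`. The check should canonicalise the path with `realpath()` and confirm the result stays under the help directory before testing the extension, and the pattern should end in `\z` rather than `$` so a trailing newline cannot satisfy it. The enclosing `if(isset($_GET['url']) ...)` block and the `else` branch continue outside the hunk, so how `$file_path` is read afterwards is not visible here.

```php
if(isset($_GET['url']) && !empty($_GET['url'])) {
  // Canonicalise first so ../ segments and symlinks are resolved before any check.
  $help_root = realpath(HELP.'/'.$sysconf['default_lang']);
  $file_path = false;
  if($help_root !== false && is_string($_GET['url'])) {
    $file_path = realpath($help_root.'/'.$_GET['url']);
  }
  // Accept only regular .md files that sit inside the help directory.
  $is_help_file = $file_path !== false
    && strncmp($file_path, $help_root.DIRECTORY_SEPARATOR, strlen($help_root) + 1) === 0
    && is_file($file_path)
    && preg_match('/\.md\z/i', $file_path) === 1;
  if(!$is_help_file) {
    echo __('File Not Found');
  // … unchanged: else branch that converts the Markdown to HTML …
```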