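--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -44,5 +44,7 @@
 */
 if(empty($_REQUEST['dirname']))
-   dir("Missing mp3 directory");
+   die("Missing mp3 directory");
 $dir_name = basename($_REQUEST['dirname']);
+if(preg_match('/[^a-z_\-0-9]/i', $dir_name))
+   die("Invalid directory");
 if(!empty($dir_name) and is_dir($mp3_dir.$dir_name)) {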
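Review bot: The added `preg_match` guard fails open: `preg_match()` returns `false` on a PCRE error, which `if(...)` treats the same as "no forbidden character found", so the request would proceed to the `is_dir()` check with an unvalidated name; comparing against zero closes that gap, `if(preg_match('/[^a-z_\-0-9]/i', $dir_name) !== 0)`. The two `die()` calls also answer a rejected request with the default 200 status, which makes these rejections invisible to proxies and monitoring; emitting `http_response_code(400);` before each `die` would let them be counted. Both rejection paths would also benefit from a short comment such as `// allow-list: directory names are a single path component of [A-Za-z0-9_-] only`, since the whitelist is the only thing standing between request input and `$mp3_dir.$dir_name`. Whether `$mp3_dir` carries a trailing directory separator is not visible here; if it does not, the concatenation on the last context line could resolve to a sibling of the intended directory, so that is worth confirming. The `if` block on that line continues outside the hunk.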
