From c4d71631d83f3cfbb12f2217edbed6feb2ec15ab Mon Sep 17 00:00:00 2001
From: Cameron
Date: Sun, 4 Dec 2016 07:50:27 -0800
Subject: [PATCH] New parser filter added for file names.
---
 e107_handlers/e_parse_class.php | 5 +++++
 e107_handlers/theme_handler.php | 2 +-
 e107_plugins/newsletter/nl_archive.php | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/e107_handlers/e_parse_class.php b/e107_handlers/e_parse_class.php
index a5d5296b0..99b2f323a 100644
--- a/e107_handlers/e_parse_class.php
+++ b/e107_handlers/e_parse_class.php
@@ -4369,6 +4369,11 @@ return; return preg_replace('/[^\w\d ]/',"",$text); } + if($type == 'file') + { + return preg_replace('/[^\w\d_\.-]/',"",$text); + } + if($validate == false) {
diff --git a/e107_handlers/theme_handler.php b/e107_handlers/theme_handler.php
index b93cb8c7e..dffc37813 100644
--- a/e107_handlers/theme_handler.php
+++ b/e107_handlers/theme_handler.php
@@ -83,7 +83,7 @@ class themeHandler
 if(!empty($_POST['curTheme']))
 {
- $this->curTheme = e107::getParser()->filter($_POST['curTheme']);
+ $this->curTheme = e107::getParser()->filter($_POST['curTheme'],'file');
 }
 if(!empty($_POST['setUploadTheme']) && !empty($unzippedTheme))
diff --git a/e107_plugins/newsletter/nl_archive.php b/e107_plugins/newsletter/nl_archive.php
index e09cdd548..a31ef618c 100644
--- a/e107_plugins/newsletter/nl_archive.php
+++ b/e107_plugins/newsletter/nl_archive.php
@@ -47,7 +47,7 @@ else
 }
 else
 {
- $limit_start = $_POST['limit_start'];
+ $limit_start = intval($_POST['limit_start']);
 }
 $nl_count = $sql->count('newsletter', '(*)', "WHERE newsletter_parent='".$action_parent_id."' AND newsletter_flag='1'");
 if ($nl_count > 0)
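Review bot: The new `'file'` branch in e107_handlers/e_parse_class.php keeps `.` in the allowed set, so a dot-only result such as `..`, a leading-dot name, or an empty string is returned unchanged. Slashes are stripped, but a caller that appends the result to a directory path can still end up at the parent directory. Consider normalising dots before returning: `$text = preg_replace('/[^\w.-]/', '', $text);` then `return ltrim(preg_replace('/\.{2,}/', '.', $text), '.');` (`\d` and `_` are already covered by `\w`). A one-line comment such as `// character allow-list only; callers must still check that the name exists` would make the limits of this branch clear. The enclosing filter method starts and ends outside this hunk.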
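Review bot: In e107_handlers/theme_handler.php the `!empty()` test runs on the raw `$_POST['curTheme']`, but the value stored is the filtered one, so `$this->curTheme` can still end up empty or dot-only. If the field is posted as `curTheme[]`, `preg_replace()` returns an array; whether `filter()` rejects arrays earlier is not visible in this diff. Stripping characters also does not confirm that the name refers to an installed theme, so the safer check is to compare the filtered value against the handler's list of known theme folders and discard it otherwise. At minimum, guard the assignment with `if(!empty($_POST['curTheme']) && is_string($_POST['curTheme']))`. The enclosing method starts and ends outside this hunk.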
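Review bot: The count query on the line after the changed block in e107_plugins/newsletter/nl_archive.php still concatenates `$action_parent_id` into the WHERE clause. Its assignment is outside this hunk, so it is not clear that it gets the same integer cast this commit gives `$limit_start`. If it comes from the request, cast it where it is assigned, e.g. `$action_parent_id = intval($action_parent_id);`. Separately, `intval()` lets negative numbers through, which would produce an invalid offset if `$limit_start` is used in a LIMIT clause, so `$limit_start = max(0, intval($_POST['limit_start']));` is the tighter form.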