diff --git a/services/clsi/app/coffee/RequestParser.coffee b/services/clsi/app/coffee/RequestParser.coffee
index 93c843dd4f..d9a2e9bbe4 100644
--- a/services/clsi/app/coffee/RequestParser.coffee
+++ b/services/clsi/app/coffee/RequestParser.coffee
@@ -75,4 +75,5 @@ module.exports = RequestParser =
 return attribute
 _sanitizePath: (path) ->
- path.replace(/[^a-zA-Z0-9_\-;.,\/ ]/g, "")
\ No newline at end of file
+ # See http://php.net/manual/en/function.escapeshellcmd.php
+ path.replace(/[\#\&\;\`\|\*\?\~\<\>\^\(\)\[\]\{\}\$\\\,\x0A\xFF]/g, "")
\ No newline at end of file
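Review bot: The replacement character class in `_sanitizePath` is a denylist modelled on PHP's escapeshellcmd list, so everything it does not name now passes through where the removed allowlist dropped it: single and double quotes, `!`, `%`, NUL, tab and carriage return, and all non-ASCII characters. escapeshellcmd escapes rather than strips and deliberately leaves paired quotes alone, so mirroring its list does not give the same guarantee here; if the sanitized path can reach a shell command line or a quoted context (the callers are outside this hunk, so this is an assumption), add `'`, `"` and the control range `\x00-\x1F\x7F` to the class, or keep an allowlist and extend it with the specific characters that needed to be permitted. The `\,` in the class looks like the list separator from the PHP manual text rather than a metacharacter, so commas in file names are now removed although the old pattern allowed them. Neither pattern touches `..` segments, so path traversal still has to be handled wherever the path is resolved. A comment such as `# Denylist of shell metacharacters (modelled on escapeshellcmd); not a substitute for passing paths as separate argv entries` would state the intent better than the bare link.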