From e6999a97c4698ecc98dc97744608038cb85b25a5 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Thu, 11 Apr 2024 16:01:56 -0500
Subject: [PATCH] Security: Plugin: Validate plugin name to load its README.md file
---
 main/inc/ajax/plugin.ajax.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/main/inc/ajax/plugin.ajax.php b/main/inc/ajax/plugin.ajax.php
index 2f25794fc4..85f74bd211 100644
--- a/main/inc/ajax/plugin.ajax.php
+++ b/main/inc/ajax/plugin.ajax.php
@@ -13,8 +13,16 @@ $action = $_REQUEST['a'];
 switch ($action) {
 case 'md_to_html':
- $plugin = isset($_GET['plugin']) ? $_GET['plugin'] : '';
+ $plugin = $_GET['plugin'] ?? '';
 $appPlugin = new AppPlugin();
+
+ $pluginPaths = $appPlugin->read_plugins_from_path();
+
+ if (!in_array($plugin, $pluginPaths)) {
+ echo Display::return_message(get_lang('NotAllowed'), 'error', false);
+ exit;
+ }
+
 $pluginInfo = $appPlugin->getPluginInfo($plugin);
 $html = '';
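Review bot: The new allow-list test `in_array($plugin, $pluginPaths)` compares loosely and never checks that `$_GET['plugin']` is a string, so an array-valued or numeric-looking parameter is judged by PHP's `==` juggling rules rather than by exact name; tighten it to `if (!is_string($plugin) || !in_array($plugin, $pluginPaths, true)) {`. The check is only as strong as what `read_plugins_from_path()` returns, which is not visible here; presumably that is bare directory names under the plugin folder, and this should be confirmed. Since the commit subject says this value selects the README.md to load, a one-line comment above the check such as `// $plugin is request input used to locate a file: accept only names listed by read_plugins_from_path()` would keep the guard from being removed later. The `md_to_html` case body continues past the end of the hunk.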