From 4b685cdf703c3acb94bdef16723c66c849dbb1a5 Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Tue, 19 Sep 2017 14:40:09 +1000
Subject: [PATCH] CRM-20906 Validate the extension key is of general standard
---
 CRM/Admin/Form/Extensions.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/CRM/Admin/Form/Extensions.php b/CRM/Admin/Form/Extensions.php
index 2373bcb40d..4b93cc02a0 100644
--- a/CRM/Admin/Form/Extensions.php
+++ b/CRM/Admin/Form/Extensions.php
@@ -45,7 +45,9 @@ class CRM_Admin_Form_Extensions extends CRM_Admin_Form {
 $this->_key = CRM_Utils_Request::retrieve('key', 'String',
 $this, FALSE, 0
 );
-
+ if (!preg_match('/[0-9a-zA-Z._-]+/', $this->_key)) {
+ throw new CRM_Core_Exception('Extension Key does not match expected standard');
+ }
 $session = CRM_Core_Session::singleton();
 $url = CRM_Utils_System::url('civicrm/admin/extensions', 'reset=1&action=browse');
 $session->pushUserContext($url);
--
2.25.1
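Review bot: The pattern in the added `preg_match` is not anchored, so the check passes for any key that contains at least one permitted character and never inspects the rest of the value; a key carrying slashes or other characters outside the class still gets through. Anchor it at both ends, `if (!preg_match('/\A[0-9a-zA-Z._-]+\z/', $this->_key)) {` (`\z` rather than `$`, which also accepts a trailing newline). Even anchored, the class admits `.` and `..` as whole keys, so any code that turns the key into a path needs its own check; how the key is used is not visible in this hunk. The `retrieve` call passes `FALSE, 0` after `$this`, which suggests the key is optional; if so, a request without `key` now reaches the exception, and the guard may need to apply only when a key was supplied. The enclosing method starts and ends outside the hunk.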