From af72e41cf306df43dceafd306945c699fa40bc83 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 7 Dec 2016 17:33:34 +0100
Subject: [PATCH] check if mimetype has valid chars before saving new fulltext
 converter

---
 op/op.Settings.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/op/op.Settings.php b/op/op.Settings.php
index c38cf457c..73f1523a1 100644
--- a/op/op.Settings.php
+++ b/op/op.Settings.php
@@ -177,9 +177,10 @@ if ($action == "saveSettings")
   $settings->_cmdTimeout = (intval($_POST["cmdTimeout"]) > 0) ?intval($_POST["cmdTimeout"]) : 1;
 
   // SETTINGS - ADVANCED - INDEX CMD
-  $settings->_converters['fulltext'] = $_POST["converters"];
-  if(trim($_POST["converters_newmimetype"]) && trim($_POST["converters_newcmd"])) {
-    $settings->_converters['fulltext'][trim($_POST["converters_newmimetype"])] = trim($_POST["converters_newcmd"]);
+	$settings->_converters['fulltext'] = $_POST["converters"];
+	$newmimetype = preg_replace('#[^A-Za-z0-9_/+]+#', ',', $_POST["converters_newmimetype"]);
+  if($newmimetype && trim($_POST["converters_newcmd"])) {
+    $settings->_converters['fulltext'][$newmimetype] = trim($_POST["converters_newcmd"]);
   }
 
   // -------------------------------------------------------------------------