Changeset 1821

Timestamp:
12/03/2011 10:21:27 PM (2 years ago)
Author:
BrianKoontz
Message:

Fixed issue that permitted files to be downloaded/deleted outside of
the upload path. Refs #1097.

Files:
1 modified

  • trunk/handlers/files.xml/files.xml.php

    r1752 r1821  
    5252 
    5353$file = $this->GetSafeVar('file', 'get'); 
    54 if ('.' == $file{0}) 
     54if(preg_match("/^[\.\/]/", $file)) 
    5555{ 
    5656        $this->Redirect($this->Href(), T_("Sorry, files of this type are not allowed."));
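
Review bot: The new test on the `preg_match("/^[\.\/]/", $file)` line is anchored to the first character only, so it rejects a leading `.` or `/` but does not reject `..` segments or separators later in `$file`, nor a leading backslash; nothing visible in this hunk shows `GetSafeVar` removing those. Since the commit message says the goal is to keep downloads and deletes inside the upload path, consider reducing `$file` with `basename()` before it is used, or resolving the final path with `realpath()` and confirming it still begins with the upload directory, and refusing the request otherwise. The redirect text "Sorry, files of this type are not allowed." also reads as a file-type rejection; a message specific to invalid file names would make this failure easier to diagnose.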