Commit bd85c553 authored by Axel ROGER's avatar Axel ROGER

Fixes #1486

parent 92cfbd30
......@@ -95,8 +95,15 @@ class m_bro {
if (substr($dir,0,strlen($root))!=$root) {
return false;
}
// recomposer le chemin
$dir = $dir . '/' . $file;
# Si on tente de mettre un '..' alors erreur
if ( preg_match("/\/\.\.\//", $dir) || preg_match("/\/\.\.$/", $dir) ) {
return false;
}
if ($strip) {
$dir=substr($dir,strlen($root));
} else {
......@@ -453,9 +460,8 @@ class m_bro {
if ($new[0] != '/') {
$new = $old . '/' . $new;
} else {
$new = $this->convertabsolute($new,0);
}
$new = $this->convertabsolute($new,0);
if (!$new) {
$err->raise("bro",_("File or folder name is incorrect"));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment