Merge branch 'master' of github.com:LimeSurvey/LimeSurvey

* 'master' of github.com:LimeSurvey/LimeSurvey: Dev: Don't check file '..' when listing template files
LimeSurvey · Feb 23, 2018 · f101a91 · f101a91
2 parents c8bd77b + 320ecb8
commit f101a91
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/application/models/Template.php b/application/models/Template.php
@@ -341,6 +341,10 @@ static public function getOtherFiles($filesDir)
         $otherFiles = array();
         if (file_exists($filesDir) && $handle = opendir($filesDir)) {
             while (false !== ($file = readdir($handle))) {
+                // The file '..' can mess with open_basedir permissions.
+                if ($file == '..' || $file == '.') {
+                    continue;
+                }
                 if (!is_dir($file)) {
                     $otherFiles[] = array("name" => $file);
                 }