Please sign in to comment.
Do not allow directory traversal using "../"
We should not allow directory traversals using "../" here. To test access the following URL once with and then without this patch: http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
- Loading branch information...
Showing with 5 additions and 1 deletion.