This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Close a sanity check hole in language packs
A language pack containing a directory traversing symlink could be uploaded. Upon backup creation, the symlink would then lead to inclusion of whatever it was pointing to in the resulting backup. This could be used by an attacker with admin permissions to extract information from the server.
- Loading branch information
Showing 1 changed file with 16 additions and 4 deletions.