From c2f6072b9b28394226dc4f77206b94f617a31c08 Mon Sep 17 00:00:00 2001
From: gfgtdf <tischpapier@gmail.com>
Date: Sat, 18 Oct 2014 04:17:01 +0200
Subject: [PATCH] reenable ".." in get_binary_file_location

this was also how ".." behaved in the old code.
---
 src/filesystem_boost.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/filesystem_boost.cpp b/src/filesystem_boost.cpp
index 5a4062bbaed1..df9876652eba 100644
--- a/src/filesystem_boost.cpp
+++ b/src/filesystem_boost.cpp
@@ -830,6 +830,16 @@ const std::vector<std::string>& get_binary_paths(const std::string& type)
 
 std::string get_binary_file_location(const std::string& type, const std::string& filename)
 {
+	// We define ".." as "remove everything before" this is needed becasue 
+	// on the one hand allowing ".." would be a security risk but 
+	// especialy for terrains the c++ engine puts a hardcoded "terrain/" before filename
+	// and there would be no way to "escape" from "terrain/" otherwise. This is not the 
+	// best solution but we cannot remove it without another solution (subtypes maybe?).
+	
+	// using 'for' instead 'if' to allow putting delcaration and check into the brackets
+	for(std::string::size_type pos = filename.rfind("../"); pos != std::string::npos;)
+		return get_binary_file_location(type, filename.substr(pos + 3));
+
 	if (!is_legal_file(filename))
 		return std::string();