[dev] Re: [cvs] commit: giapeto edit.php

[Chuck Hagenbuch]

Quoting Marko Djukic <mdjukic at horde.org>:

>> Make sense, since that probably gets stripped out to avoid attempts to get
>> out of the configured vfs file root.
>
> It shouldn't create the dir in the first place, no?

Well, I'm not sure this is the best solution, but I've modified the validation
code to filter '..' out of $name as well as $path in VFS_file's
_getNativePath() function. Should prevent dirs with .. in the name being
created now.

-chuck

--
"But she goes not abroad in search of monsters to destroy." - John 
Quincy Adams