pdp (architect) wrote:
> hei man, this is not a news :)
hehe, the maintainer should update the changelog with
this feature then :-)
i suggest this fix for the directory traversal bug
path = str_replace('../', '', path);
regards,
Francesco 'ascii' Ongaro
http://www.ush.it/
..././..././..././..././
how can't you love funsec?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
