From 0c4741c793dabb984c0161cb282fceac0dc30d0f Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Tue, 15 Jan 2013 11:54:12 +0000
Subject: [PATCH] Disallow traversing to parent dir

---
 lib/file-control.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/file-control.php b/lib/file-control.php
index d2c5099..e00a020 100644
--- a/lib/file-control.php
+++ b/lib/file-control.php
@@ -98,7 +98,7 @@ if ($_GET['action']=="upload") {
 class fileUploader {
 public function __construct($uploads) {
 global $docRoot;
-$uploadDir=$docRoot.$iceRoot.str_replace("|","/",strClean($_POST['folder'])."/");
+$uploadDir=$docRoot.$iceRoot.str_replace("..","",str_replace("|","/",strClean($_POST['folder'])."/"));
 foreach($uploads as $current) {
 $this->uploadFile=$uploadDir.$current->name;
 $fileName = $current->name;
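Review bot: The added line rewrites a suspicious `folder` value instead of rejecting it, and nothing afterwards verifies that `$uploadDir` still lies under `$docRoot.$iceRoot`; a legitimate name such as `a..b` is silently turned into `ab`, and the check is tied to one textual pattern rather than to where the resolved path ends up. Resolving both the base and the target with `realpath()` and refusing the upload unless the target is inside the base makes the containment property explicit and independent of how the folder string was written, as sketched below (assumes the target folder is expected to exist, since `realpath()` returns `false` otherwise; the abort style should follow whatever this file uses elsewhere). Separately, `$iceRoot` is used on the new line but only `$docRoot` is declared `global` on the line above, so unless it is populated another way it is undefined here — worth confirming. The filename appended from `$current->name` further down is not covered by this change either. The constructor's body continues outside the hunk.
```php
global $docRoot;
// … unchanged: nothing between global declaration and the path computation …
$baseDir=realpath($docRoot.$iceRoot);
$uploadDir=realpath($docRoot.$iceRoot.str_replace("|","/",strClean($_POST['folder'])));
// Refuse anything that does not resolve to a directory inside the base, rather than patching the string.
if ($baseDir===false || $uploadDir===false || strpos($uploadDir."/",$baseDir."/")!==0) {
    // TODO(review): abort here in the same way the rest of file-control.php reports a bad request
    return;
}
$uploadDir.="/";
// … unchanged: foreach over $uploads …
```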