server/lib/classes/system.inc.php | ●●●●● patch | view | raw | blame | history |
server/lib/classes/system.inc.php
@@ -851,7 +851,7 @@ //* We allow only some characters in the path // * is allowed, for example it is part of wildcard certificates/keys: *.example.com.crt if(!preg_match('@^/[-a-zA-Z0-9_/.*~]{1,}$@', $path)) return false; if(!preg_match('@^/[-a-zA-Z0-9_/.*]{1,}[~]?$@', $path)) return false; //* Check path for symlinks $path_parts = explode('/', $path);