Merge with WP 2.3.2

git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1172 7be80a69-a1ef-0310-a953-fb0f7c49ff36
author: donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> 2008-01-02 16:00:05 +0000
committer: donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> 2008-01-02 16:00:05 +0000
commit: 1503e05616c295e6f980134dc341fa1a66dc9672 (patch)
tree: b0a7dc356affec0059670603f1cb990da7dbc026 /wp-admin/includes/file.php
parent: c65d51fec1d641efd1ec8a44c046cd54d588fe3b (diff)
download: wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.tar.gz
wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.tar.xz
wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index 25d9c26..45c05e5 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -43,6 +43,9 @@ function get_real_file_to_edit( $file ) {
 }
 
 function validate_file( $file, $allowed_files = '' ) {
+	if ( false !== strpos( $file, '..' ))
+		return 1;
+
 	if ( false !== strpos( $file, './' ))
 		return 1;
author	donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>	2008-01-02 16:00:05 +0000
committer	donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>	2008-01-02 16:00:05 +0000
commit	1503e05616c295e6f980134dc341fa1a66dc9672 (patch)
tree	b0a7dc356affec0059670603f1cb990da7dbc026 /wp-admin/includes/file.php
parent	c65d51fec1d641efd1ec8a44c046cd54d588fe3b (diff)
download	wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.tar.gz wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.tar.xz wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.zip