Do not allow directory traversal using "../"
We should not allow directory traversals using "../" here. To test access the following URL once with and then without this patch: http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
Please register or sign in to comment