*** includes/stream_wrappers.inc 2010-12-27 16:43:42.000000000 -0500
--- includes/symlink_stream_wrappers.inc 2010-12-27 16:42:57.000000000 -0500
*************** abstract class DrupalLocalStreamWrapper
*** 359,364 ****
--- 359,365 ----
  * Optional URI, supplied when doing a move or rename.
  */
  protected function getLocalPath($uri = NULL) {
+ $symlink = FALSE;
  if (!isset($uri)) {
  $uri = $this->uri;
  }
*************** abstract class DrupalLocalStreamWrapper
*** 366,375 ****
  $realpath = realpath($path);
  if (!$realpath) {
  // This file does not yet exist.
  $realpath = realpath(dirname($path)) . '/' . basename($path);
  }
  $directory = realpath($this->getDirectoryPath());
! if (!$realpath || !$directory || strpos($realpath, $directory) !== 0) {
  return FALSE;
  }
  return $realpath;
--- 367,382 ----
  $realpath = realpath($path);
  if (!$realpath) {
  // This file does not yet exist.
+ $dirpath = dirname($path);
+ $realpath = realpath($dirpath);
+ $symlink = ($realpath != $dirpath && !preg_match('/\.\./', $dirpath) && !preg_match('/~/', $dirpath));
  $realpath = realpath(dirname($path)) . '/' . basename($path);
  }
+ else {
+ $symlink = ($realpath != $path && !preg_match('/\.\./', $path) && !preg_match('/~/', $path));
+ }
  $directory = realpath($this->getDirectoryPath());
! if (!$realpath || !$directory || (strpos($realpath, $directory) !== 0 && !$symlink)) {
  return FALSE;
  }
  return $realpath;
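Review bot: The new `&& !$symlink` term on the final check in the second hunk switches off the directory containment test in far more cases than real symlinks, because `$symlink` comes from a string inequality (`$realpath != $path`) rather than from an actual link test. realpath() returns an absolute, normalised path, so if `$path` is built from a relative directory (the line that builds it falls between the two hunks, so this is inferred) the inequality holds for nearly every file, and only paths containing `..` or `~` stay confined. In the not-yet-existing branch a missing parent makes `realpath($dirpath)` return FALSE, `FALSE != $dirpath` evaluates to TRUE, and the function then returns `'/' . basename($path)` instead of FALSE. I would keep the prefix check unconditional and separator-terminated, `if (!$realpath || !$directory || strpos($realpath . '/', $directory . '/') !== 0) {`, and support out-of-tree storage through an explicit list of allowed resolved roots rather than a per-path exemption; the added `$realpath = realpath($dirpath);` is also overwritten by the very next line. The end of getLocalPath() lies outside the hunk.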