Just see the example script getting exploited by clicking:
http://drupal.hu/?q=filebrowser/..

Here's my solution:
Replace line 291 (I think) with this:
$safer = str_replace(array("\\", "../", "/.svn", "/CVS", ".."), array("/", "", "", "",""), $folder);

Martin G.
martin {{at}} isg.si
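
A containment check for the folder parameter, as an added example that is not part of the original post or of the filebrowser module: instead of stripping substrings, it canonicalises the requested path and refuses anything that resolves outside the base directory. The function name resolve_folder(), the $root variable and the sample directory tree are assumptions made for the illustration.

```php
<?php
// Added example, not filebrowser's own code.
// resolve_folder() and $root are hypothetical names.

/** Return the canonical path of $folder inside $root, or null to refuse. */
function resolve_folder(string $root, string $folder): ?string
{
    $root = realpath($root);
    if ($root === false) {
        return null;
    }
    // Normalise separators, then refuse version-control directories
    // by comparing whole path segments rather than substrings.
    $segments = explode('/', str_replace('\\', '/', $folder));
    foreach ($segments as $segment) {
        if (in_array(strtolower($segment), ['.svn', 'cvs'], true)) {
            return null;
        }
    }
    // realpath() collapses "." and "..", follows symlinks, and returns
    // false when the path does not exist.
    $path = realpath($root . '/' . implode('/', $segments));
    if ($path === false || !is_dir($path)) {
        return null;
    }
    // Containment: the result is the root itself or lies below it.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($path !== $root && strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample tree in the system temp directory.
$base = sys_get_temp_dir() . '/fb_demo_' . getmypid();
mkdir("$base/files/docs/.svn", 0700, true);
$root = "$base/files";

$requests = ['docs', '', 'filebrowser/..', '..', 'docs/../..',
             'docs/.svn', 'docs\\..\\..'];
foreach ($requests as $request) {
    $result = resolve_folder($root, $request);
    printf("%-18s => %s\n", var_export($request, true), $result ?? 'refused');
}
```

Only 'docs' and the empty request resolve to a directory; every other request in the constructed list is refused, including the filebrowser/.. value from the URL above.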

Comments

Anonymous’s picture

Em sorry this issue is for filebrowser

ccourtne’s picture