From f946b0f29f0a0806bb745bbe24148fe09970bc82 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Wed, 20 Aug 2008 19:02:04 +0000
Subject: Modified validator to not allow '/' characters when checking
 is_valid_filename with a path restriction.

git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1387 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 lib/validator.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/validator.lua b/lib/validator.lua
index afea72c..69797fb 100755
--- a/lib/validator.lua
+++ b/lib/validator.lua
@@ -217,7 +217,7 @@ function is_port(numstr)
 end
 
 function is_valid_filename ( path, restriction )
-	if not (path) or ((restriction) and (string.find (path, "^" .. restriction ) == nil)) then
+	if not (path) or ((restriction) and (string.find (path, "^" .. restriction ) == nil or string.find (path, "/", #restriction+2) )) then
 		return false, "* " .. validator.msg.err.FileInvalidPath1[lang.Current] .. "\n* ".. 
 			validator.msg.err.FileInvalidPath2[lang.Current] .. ":" .. string.format(restriction)
 	end
-- 
cgit v1.2.3