From 7ce09ce35b62ebc5278f9df855137a59dd3013c3 Mon Sep 17 00:00:00 2001
From: Nahuel Angelinetti <nahuel@altnetvision.info>
Date: Mon, 27 Nov 2006 18:29:23 +0000
Subject: [PATCH] Correction d'une faille permettant de creer des fichiers dans
 d'autres repertoires que le home du membre.

---
 bureau/class/m_bro.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bureau/class/m_bro.php b/bureau/class/m_bro.php
index f93f3383..82679349 100644
--- a/bureau/class/m_bro.php
+++ b/bureau/class/m_bro.php
@@ -282,7 +282,7 @@ class m_bro {
     global $db,$err,$cuid;
     $file=ssla($file);
     $absolute=$this->convertabsolute($dir."/".$file,0);
-    if ($absolute && !file_exists($absolute)) {
+    if ($absolute && !file_exists($absolute) && checkuserpath($absolute."/".$file) != 0) {
       touch($absolute);
       $db->query("UPDATE browser SET crff=0 WHERE uid='$cuid';");
       return true;