From bd85c55393f3c130d3c0e57a750c4e6f7b521112 Mon Sep 17 00:00:00 2001
From: Axel ROGER
Date: Thu, 18 Apr 2013 14:46:28 +0000
Subject: [PATCH] Fixes #1486
---
 bureau/class/m_bro.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/bureau/class/m_bro.php b/bureau/class/m_bro.php
index 58aba874..e1687b46 100644
--- a/bureau/class/m_bro.php
+++ b/bureau/class/m_bro.php
@@ -95,8 +95,15 @@ class m_bro {
 if (substr($dir,0,strlen($root))!=$root) {
 return false;
 }
+ // recomposer le chemin
 $dir = $dir . '/' . $file;
+
+ # Si on tente de mettre un '..' alors erreur
+ if ( preg_match("/\/\.\.\//", $dir) || preg_match("/\/\.\.$/", $dir) ) {
+ return false;
+ }
+
 if ($strip) {
 $dir=substr($dir,strlen($root));
 } else {
@@ -453,9 +460,8 @@ class m_bro {
 if ($new[0] != '/') {
 $new = $old . '/' . $new;
- } else {
- $new = $this->convertabsolute($new,0);
 }
+ $new = $this->convertabsolute($new,0);
 if (!$new) {
 $err->raise("bro",_("File or folder name is incorrect"));
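Review bot: The two `preg_match` calls in the new guard express one rule twice and the hunk mixes `#` and `//` comment markers; a single anchored pattern with one comment keeps the intent in one place: `// reject any '..' segment that survived the $root prefix test, inside or at the end of the composed path` followed by `if (preg_match('#/\.\.(/|$)#', $dir)) {`. It would also help the next reader to state that this check only has to cover the `$file` component appended on the line above, since `$dir` itself was already compared against `$root` before the concatenation. While this function is being hardened, the context line `if (substr($dir,0,strlen($root))!=$root)` uses a loose `!=` and, unless `$root` ends with a separator, also accepts a sibling directory whose name merely starts with `$root` — pre-existing, but worth confirming at the same time. The enclosing function (presumably `convertabsolute`) starts and ends outside the hunk.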