From dff53f21c8fccc7585f785fec893a5773e78a1b6 Mon Sep 17 00:00:00 2001
From: pcanterino <>
Date: Thu, 6 Jan 2005 14:28:00 +0000
Subject: [PATCH] - Fixed a bug occuring if the "curdir" CGI parameter had no trailing slash and the "newfile" parameter had no leading slash - On Windows systems it was possible to access the directories above the root directory by accessing a path ending with "..." or "...." and so on
---
 devedit.pl | 2 +-
 modules/Tool.pm | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/devedit.pl b/devedit.pl
index 4ddc9e1..ee4f5fc 100644
--- a/devedit.pl
+++ b/devedit.pl
@@ -60,7 +60,7 @@ my $new_virtual = '';
 if($newfile ne '' && $newfile !~ /^\s+$/)
 {
 $curdir = upper_path($file) if($curdir eq '');
- my $path = $curdir.$newfile;
+ my $path = $curdir.'/'.$newfile;
 # Extract file and directory name...
diff --git a/modules/Tool.pm b/modules/Tool.pm
index e3056c5..dc11571 100644
--- a/modules/Tool.pm
+++ b/modules/Tool.pm
@@ -72,7 +72,7 @@ sub check_path($$)
 # Check if the path is above the root directory
 return if(index($path,$root) != 0);
- return if($first eq $root && $last =~ m!^(/|\\)?\.\.(/|\\)?$!);
+ return if($first eq $root && ($last eq '..' || ($^O eq 'MSWin32' && $last =~ m!^\.\.+$!)));
 # Create short path name
--
2.34.1
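Review bot: In devedit.pl the separator is now inserted unconditionally in `my $path = $curdir.'/'.$newfile;`, so a `curdir` that already ends in a slash or a `newfile` that begins with one yields a doubled separator, the mirror image of the case this commit fixes. The commit message describes both values as CGI parameters, and nothing inside the hunk shows the joined path being normalised or validated; the `if` block continues past the end of the hunk, so that may happen further down. Trimming the joint before the concatenation keeps the result stable for every combination, `$curdir =~ s!/+$!!; $newfile =~ s!^/+!!;` (on copies if the originals are reused below). A short comment such as `# both parts come from the request; $path is not validated at this point` would record the trust boundary for the next reader.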
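Review bot: In modules/Tool.pm the added test on `$last` is a denylist keyed on `$^O eq 'MSWin32'`, so a Perl that reports a different `$^O` on the same file system (Cygwin builds report `cygwin`) skips the dot-run branch; whether such a build resolves those names the same way is not visible here and should be confirmed. The replaced pattern also tolerated a leading or trailing `/` or `\` around `..`, which `$last eq '..'` no longer does, so if `$last` (computed outside the hunk) can still carry a separator, the non-Windows case became narrower. Dropping the platform test and keeping the separator tolerance covers both, at the cost of refusing an entry literally named `...` directly under the root: `return if($first eq $root && $last =~ m!^[/\\]?\.\.+[/\\]?\z!);`. The prefix test on the context line above, `index($path,$root) != 0`, has no separator boundary, so it is worth confirming that `$root` cannot be a plain string prefix of a sibling directory name.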