Diffstat (limited to 'LedgerSMB')
-rwxr-xr-x | LedgerSMB/AM.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/LedgerSMB/AM.pm b/LedgerSMB/AM.pm
index 387d9d8b..fb4794f4 100755
--- a/LedgerSMB/AM.pm
+++ b/LedgerSMB/AM.pm
@@ -1251,7 +1251,7 @@ sub check_template_name {
 my ($self, $myconfig, $form) = @_;
 my @allowedsuff = qw(css tex txt html xml);
- if ($form->{file} =~ /^(.:)*?\/|\.\.\/|^\//){
+ if ($form->{file} =~ /^(.:)*?\/|:|\.\.\/|^\//){
 $form->error("Directory transversal not allowed.");
 }
 if ($form->{file} =~ /^${LedgerSMB::Sysconfig::userspath}\//){ |
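Review bot: The changed `if` in check_template_name still recognises only forward slashes, so a name using `\` as the separator (a leading `\` or `..\`) is not rejected. If the new `:` alternative is there for Windows hosts, that case belongs in the same check. Now that any colon is refused, the `^(.:)*?\/` and `^\/` alternatives both reduce to "leading slash", so the test could be written as `if ($form->{file} =~ m{\A[/\\]|:|\.\.[/\\]}) {`. The unchanged line after it interpolates `${LedgerSMB::Sysconfig::userspath}` into a pattern without `\Q...\E`, so any regex metacharacters in that path are treated as pattern syntax. The function body continues outside the hunk, so whether `@allowedsuff` or a later check narrows the name further cannot be seen from here.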