From 69f65b2d607da827ddfa23d55c0506fb9902710e Mon Sep 17 00:00:00 2001
From: prozacx <prozacx@726aef4b-f618-498e-8847-2d620e286838>
Date: Fri, 5 May 2006 20:31:08 +0000
Subject: [PATCH] Fixed path constraints in get/send status commands

git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@731 726aef4b-f618-498e-8847-2d620e286838
---
 Client.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Client.cpp b/Client.cpp
index 8720ea21..8271a6e5 100644
--- a/Client.cpp
+++ b/Client.cpp
@@ -848,6 +848,11 @@ void CClient::UserCommand(const CString& sLine) {
 			return;
 		}
 
+		if ((!m_pUser->IsAdmin() && sFile.Left(1) == "~") || sFile.Left(1) == "/" || sFile.find("..") != CString::npos) {
+			PutStatus("Illegal path.");
+			return;
+		}
+
 		if (m_pUser) {
 			m_pUser->SendFile(sToNick, sFile);
 		}
@@ -859,7 +864,7 @@ void CClient::UserCommand(const CString& sLine) {
 			return;
 		}
 
-		if (sFile.find("..") != CString::npos) {
+		if ((!m_pUser->IsAdmin() && sFile.Left(1) == "~") || sFile.Left(1) == "/" || sFile.find("..") != CString::npos) {
 			PutStatus("Illegal path.");
 			return;
 		}