From 6c1014f200c1364c4b9f7b830c2b227ecde3b350 Mon Sep 17 00:00:00 2001
From: psychon
Date: Tue, 21 Jul 2009 21:04:49 +0000
Subject: [PATCH] Fix a webadmin bug which was introduced in r1569
The directory prefix checking which prevents path traversal exploits had a logic error that made it always fail.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1574 726aef4b-f618-498e-8847-2d620e286838
---
 modules/webadmin.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp
index 52aa5576..ec9dffc1 100644
--- a/modules/webadmin.cpp
+++ b/modules/webadmin.cpp
@@ -253,13 +253,13 @@ CString CWebAdminSock::GetAvailSkinsDir() {
 CString CWebAdminSock::GetSkinDir() {
 CString sAvailSkins = GetAvailSkinsDir();
- CString sSkinDir = sAvailSkins + GetModule()->GetSkinName() + "/";
- CString sDir = CDir::CheckPathPrefix("./", sSkinDir, "/");
+ CString sSkinDir = GetModule()->GetSkinName() + "/";
+ CString sDir = CDir::CheckPathPrefix(sAvailSkins, sSkinDir, "/");
 // Via CheckPrefix() we check if someone tries to use e.g. a skin name
 // with embed .. or such evilness.
- if (!sDir.empty() && CFile::IsDir(sSkinDir)) {
- return sSkinDir;
+ if (!sDir.empty() && CFile::IsDir(sDir)) {
+ return sDir + "/";
 }
 return m_pModule->GetModDataDir() + "/skins/default/";
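Review bot: The comment above the `if` still names `CheckPrefix()` and does not state what the fixed code now relies on: the skin name is passed to `CDir::CheckPathPrefix()` relative to `sAvailSkins`, and only the returned `sDir` is used afterwards. Since the earlier bug was a misuse of exactly that call, I would reword it along the lines of `// CheckPathPrefix() yields "" when the skin name resolves outside sAvailSkins (e.g. embedded ".."); use only its result, never the raw skin name.`, which is what the `!sDir.empty()` test implies. The literal `"/"` passed as the third argument is unexplained and deserves a short comment on what it stands for. A rejected skin name falls through silently to the default skin, so a debug log line at that point would make both a misconfigured skin and a traversal attempt visible to the operator; note that the body of `GetSkinDir()` ends outside the hunk.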