Fix a webadmin bug which was introduced in r1569

The directory prefix checking which prevents path traversal exploits had a logic
error that made it always fail.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1574 726aef4b-f618-498e-8847-2d620e286838

modules/webadmin.cpp

@@ -253,13 +253,13 @@ CString CWebAdminSock::GetAvailSkinsDir() {
 
 CString CWebAdminSock::GetSkinDir() {
 	CString sAvailSkins = GetAvailSkinsDir();
-	CString sSkinDir = sAvailSkins + GetModule()->GetSkinName() + "/";
-	CString sDir = CDir::CheckPathPrefix("./", sSkinDir, "/");
+	CString sSkinDir = GetModule()->GetSkinName() + "/";
+	CString sDir = CDir::CheckPathPrefix(sAvailSkins, sSkinDir, "/");
 
 	// Via CheckPrefix() we check if someone tries to use e.g. a skin name
 	// with embed .. or such evilness.
-	if (!sDir.empty() && CFile::IsDir(sSkinDir)) {
-		return sSkinDir;
+	if (!sDir.empty() && CFile::IsDir(sDir)) {
+		return sDir + "/";
 	}
 
 	return m_pModule->GetModDataDir() + "/skins/default/";