From a45aa54748d2c2c901d7f08b6da6cf0f5fdb37d5 Mon Sep 17 00:00:00 2001
From: prozacx <prozacx@726aef4b-f618-498e-8847-2d620e286838>
Date: Sat, 7 Jan 2006 06:27:03 +0000
Subject: [PATCH] Don't allow .. in GET

git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@596 726aef4b-f618-498e-8847-2d620e286838
---
 Client.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Client.cpp b/Client.cpp
index 46d1e66f..aa9d55cc 100644
--- a/Client.cpp
+++ b/Client.cpp
@@ -860,6 +860,11 @@ void CClient::UserCommand(const CString& sLine) {
 			return;
 		}
 
+		if (sFile.find("..") != CString::npos) {
+			PutStatus("Illegal path.");
+			return;
+		}
+
 		if (m_pUser) {
 			m_pUser->SendFile(GetNick(), sFile);
 		}