Commit c6e98947 authored by Till Brehm's avatar Till Brehm

Improved path regex in system.inc.php

parent 5192dbc0
......@@ -851,7 +851,7 @@ class system{
//* We allow only some characters in the path
// * is allowed, for example it is part of wildcard certificates/keys: *.example.com.crt
if(!preg_match('@^/[-a-zA-Z0-9_/.*~]{1,}$@', $path)) return false;
if(!preg_match('@^/[-a-zA-Z0-9_/.*]{1,}[~]?$@', $path)) return false;
//* Check path for symlinks
$path_parts = explode('/', $path);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment