There are entries that a user/store owner could make regarding the file storage location that appear are not fully addressed by the code that checks for the presence of the admin directory. Ie. the use of features like: ../.././up_a_path/up_a_path/admin are not "factored" into the equality check. There is code in ZC that will help address this and it ought to be addressed in the upcoming version to support ZC 1.5.5 and reduce the possibility of a user entering the admin path into the database.
There are entries that a user/store owner could make regarding the file storage location that appear are not fully addressed by the code that checks for the presence of the admin directory. Ie. the use of features like: ../.././up_a_path/up_a_path/admin are not "factored" into the equality check. There is code in ZC that will help address this and it ought to be addressed in the upcoming version to support ZC 1.5.5 and reduce the possibility of a user entering the admin path into the database.