FIX Allow double dots in path when not attempting directory traversal

silverstripe / silverstripe-framework

Silverstripe Framework, the MVC framework that powers Silverstripe CMS

https://www.silverstripe.org

BSD 3-Clause "New" or "Revised" License

720 stars 820 forks source link

Closed GuySartorelli closed 1 month ago

GuySartorelli commented 1 month ago

Doesn't throw an exception for .. in a filename in scenarios that can't trigger directory traversal.

This allows, for example, images with .. in the filename to be uploaded.