trippo / ResponsiveFilemanager

Completely Responsive Filemanager with integration for tinyMCE, CKEditor and CLEditor editor
http://responsivefilemanager.com

make no use of relative paths for server mod_security #247

Open timmetj opened 8 years ago

timmetj commented 8 years ago

Hello,

I bumped into this issue where my server's mod_security blocked the ../../ paths. Currently I was able to use full paths (starting from server root '/' or document_root) for "current_path" and "thumbs_base_path", which made me pass for upload script, only now the dialog doesn't show the correct thumbs since you can't use full paths as src. Can you maybe add an extra parameter for the thumb URLs, so everything keeps working and you don't have to mess with the security mod?

I think you only need to add a thumbs_url for preview in the dialog.php line 835; all the rest uses the full path.

trippo commented 8 years ago

You can try to put thumbs and source folder inside filemanager.

timmetj commented 8 years ago

Since we use a global data map for all our uploaded stuff, that won't be an option. For now everything works by simply adding 1 extra option "thumb_src_path" (or something) in the config.php and then adding that variable to line 835 in dialog.php. Seems like an easy improvement to still be able to put the files where you want, and not have to worry about security issues.
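
Added example, not part of the thread and not ResponsiveFilemanager's own code: a sketch of the separation discussed above, where absolute filesystem paths serve file operations and a separate URL base serves the `<img src>`, so no `../` sequence is needed anywhere. "current_path" and "thumbs_base_path" are the option names from the thread, "thumb_src_path" is the option proposed there, and all values and the helper functions are hypothetical.

```php
<?php
// Constructed values. "thumb_src_path" is the proposed (hypothetical) option.
$config = [
    'current_path'     => '/srv/data/source/',  // filesystem, used by the upload code
    'thumbs_base_path' => '/srv/data/thumbs/',  // filesystem, where thumbnails are written
    'thumb_src_path'   => '/data/thumbs/',      // URL path, what the browser requests
];

// Split a user-supplied relative path into segments; null if it tries to climb.
function clean_segments(string $relative): ?array
{
    $segments = [];
    foreach (explode('/', str_replace('\\', '/', $relative)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;                       // ignore empty and no-op segments
        }
        if ($segment === '..' || strpos($segment, "\0") !== false) {
            return null;                    // reject rather than resolve traversal
        }
        $segments[] = $segment;
    }
    return $segments === [] ? null : $segments;
}

// Filesystem location of a thumbnail (server side only, never sent to the browser).
function thumb_file(array $config, string $relative): ?string
{
    $segments = clean_segments($relative);
    return $segments === null ? null
        : rtrim($config['thumbs_base_path'], '/') . '/' . implode('/', $segments);
}

// Value for <img src>: URL base plus percent-encoded segments.
function thumb_src(array $config, string $relative): ?string
{
    $segments = clean_segments($relative);
    return $segments === null ? null
        : rtrim($config['thumb_src_path'], '/') . '/'
            . implode('/', array_map('rawurlencode', $segments));
}

foreach (['2016/photo 1.jpg', '../../other/file.jpg'] as $relative) { // constructed inputs
    $src = thumb_src($config, $relative);
    echo $src === null
        ? "rejected: $relative\n"
        : '<img src="' . htmlspecialchars($src, ENT_QUOTES) . '"> <- '
            . thumb_file($config, $relative) . "\n";
}
```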