6 years ago · e0d3a741fb
--- a/file_save.php
+++ b/file_save.php
@@ -116,7 +116,7 @@
 
				 	$path_prefix = substr($path_array['dirname'], 0, strlen($edit_directory));
			
 
				 
			
 
				 //validate the path
			
 
				-	if ($path_prefix == $edit_directory) {
			
 
				+	if (realpath($path_prefix) == realpath($edit_directory)) {
			
 
				 		if ($file_path != '') {
			
 
				 			try {
			
 
				 				//save file content