@@ -116,7 +116,7 @@
$path_prefix = substr($path_array['dirname'], 0, strlen($edit_directory));
//validate the path
- if ($path_prefix == $edit_directory) {
+ if (realpath($path_prefix) == realpath($edit_directory)) {
if ($file_path != '') {
try {
//save file content
FusionPBX