X-Git-Url: https://code.citadel.org/?p=citadel.git;a=blobdiff_plain;f=citadel%2Ffile_ops.c;fp=citadel%2Ffile_ops.c;h=5547c005e0a374c20df9be7a32753111a88c0282;hp=b52915e70ae0da62f4ca41e07d4b1a7f9dac9a29;hb=21ab241ce134dfd2dd1520249e569d4b71c6e6e2;hpb=fe4ad631ada6d1c97bd16abf3ed39f6b25a0c6b6
diff --git a/citadel/file_ops.c b/citadel/file_ops.c
index b52915e70..5547c005e 100644
--- a/citadel/file_ops.c
+++ b/citadel/file_ops.c
@@ -203,6 +203,12 @@ void cmd_open(char *cmdbuf)
 ERROR + FILE_NOT_FOUND);
 return;
 }
+ if (strstr(filename, "../") != NULL)
+ {
+ cprintf("%d syntax error.\n",
+ ERROR + ILLEGAL_VALUE);
+ return;
+ }
 
 if (CC->download_fp != NULL) {
 cprintf("%d You already have a download file open.\n",
@@ -284,6 +290,13 @@ void cmd_oimg(char *cmdbuf)
 filename[a] = '_';
 }
 }
+ if (strstr(filename, "../") != NULL)
+ {
+ cprintf("%d syntax error.\n",
+ ERROR + ILLEGAL_VALUE);
+ return;
+ }
+
 snprintf(pathname, sizeof pathname,
 "%s/%s",
 ctdl_image_dir,
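Review bot: The new guard in cmd_open (and the identical one in cmd_oimg) is a substring denylist, `strstr(filename, "../")`, so it recognises only one spelling of a parent-directory component; a name that is exactly `..` or that ends in `/..` passes it, and what happens to such a name depends on path-building code that is mostly outside these hunks. If neither command is meant to reach into subdirectories (cmd_oimg joins the name to ctdl_image_dir with `"%s/%s"`), rejecting every separator is easier to reason about: `if (strchr(filename, '/') != NULL || strcmp(filename, "..") == 0)`. The same six lines are pasted into both functions, so a small static helper would keep the two checks from drifting apart. A server-side log entry on rejection would also make probing visible to the operator, since the client is only told "syntax error". Both function bodies begin and end outside the hunks.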