Kit seems to allow ../ as part of a word validation here: http://bazaar.launchpad.net/~xibo-maintainers/xibo/head-14-fix/view/head:/server/lib/include.php#L136
Then on creation of the PageManager class, that string is used without further validation here: http://bazaar.launchpad.net/~xibo-maintainers/xibo/head-14-fix/view/head:/server/lib/app/pagemanager.class.php#L44
Kit seems to allow ../ as part of a word validation here: bazaar. launchpad. net/~xibo- maintainers/ xibo/head- 14-fix/ view/head: /server/ lib/include. php#L136
http://
Then on creation of the PageManager class, that string is used without further validation here: bazaar. launchpad. net/~xibo- maintainers/ xibo/head- 14-fix/ view/head: /server/ lib/app/ pagemanager. class.php# L44
http://