Comment 4 for bug 1093967

Revision history for this message
Alex Harrington (alexharrington) wrote :

Kit seems to allow ../ as part of a word validation here:
http://bazaar.launchpad.net/~xibo-maintainers/xibo/head-14-fix/view/head:/server/lib/include.php#L136

Then on creation of the PageManager class, that string is used without further validation here:
http://bazaar.launchpad.net/~xibo-maintainers/xibo/head-14-fix/view/head:/server/lib/app/pagemanager.class.php#L44