From c25ffb161bca97dd17abe2eb6d13ad2b86328228 Mon Sep 17 00:00:00 2001
From: Wesley Miaw <josuah@users.sourceforge.net>
Date: Mon, 24 Nov 2003 02:17:58 +0000
Subject: Fixed grep typo. Should be checking for literal periods instead of
 any character. ('\.' versus '.' in regexp.)

---
 functions/init.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions/init.inc.php b/functions/init.inc.php
index 7661184..46f5bcc 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -134,7 +134,7 @@ if ($is_webcal) {
 		}
 		
 		// Sets the download and subscribe paths from the config if present.
-		if ($download_uri == '') {
+		if ($download_uri == '' && preg_match('/(^\/|\.\.\/)/', $filename) == 0) {
 			$subscribe_path = 'webcal://'.$HTTP_SERVER_VARS['SERVER_NAME'].dirname($HTTP_SERVER_VARS['PHP_SELF']).'/'.$filename;
 			$download_filename = $filename;
 		} elseif ($download_uri != '') {
-- 
cgit v1.2.3