Use realpath() to secure file and path names.
[core.git] / inc / classes / main / file_directories / output / class_FrameworkFileOutputPointer.php
index 1af2697b22d7c15fe3b20826de0ce0952ce08af1..907495c711c153905e2890e95aecd6992f1c2d34 100644 (file)
@@ -43,6 +43,9 @@ class FrameworkFileOutputPointer extends BaseFileIo {
         * @return      void
         */
        public static final function createFrameworkFileOutputPointer ($fileName, $mode) {
+               // Secure with realpath()
+               $fileName = realpath($fileName);
+
                // Some pre-sanity checks...
                if (is_null($fileName)) {
                        // No filename given