From f7ce06a547df7fe95506f8fa8921b98b853ef628 Mon Sep 17 00:00:00 2001
From: ryan
Date: Sat, 29 Dec 2007 03:14:53 +0000
Subject: [PATCH] Extra traversal check.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.3@6521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
wp-admin/includes/file.php | 3 +++
1 file changed, 3 insertions(+)
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index 7f79eb41ec..c201359bc6 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -43,6 +43,9 @@ function get_real_file_to_edit( $file ) { } function validate_file( $file, $allowed_files = '' ) { + if ( false !== strpos( $file, '..' )) + return 1; + + if ( false !== strpos( $file, './' )) return 1;
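Review bot: The added `strpos( $file, '..' )` guard at the top of validate_file() has no comment saying what it covers that the existing `'./'` test does not. Because `'../'` already contains `'./'`, the new case is a `..` that is not followed by a forward slash, and a one-line comment should say so, e.g. `// Reject any '..' sequence whatever separator follows; the './' test below only matches forward slashes.` Both guards return the same bare `1`, so a short docblock listing the return codes would help callers; the other codes are not visible here because the function body continues past the hunk. A substring test only holds for the string as passed in, so it should run on the final, already-decoded value. If the rest of the function does not already enforce `$allowed_files`, callers should still supply it or compare the resolved path against the intended base directory.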