From eaae5042b421f1c19f54fc2eba2a3edccfed5225 Mon Sep 17 00:00:00 2001
From: Gabriel Dunne <gdunne@quilime.com>
Date: Sat, 10 Jul 2010 17:54:38 -0700
Subject: [PATCH] keep ..'s out of path

---
 lib/output.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/output.php b/lib/output.php
index 6866c6c..a7e88e6 100644
--- a/lib/output.php
+++ b/lib/output.php
@@ -60,7 +60,7 @@ if( !function_exists('parse_ini_string') ) {
 
 
 /**
- * removes double slashes
+ * removes double slashes in path
  * @param path
  */
 function clean_slashes($path)
@@ -69,6 +69,15 @@ function clean_slashes($path)
 }
 
 
+/**
+ *  makes sure path is valid
+ */
+function validate_path()
+{
+
+}
+
+
 /**
 * @param    int     $seconds    Number of seconds to convert into a human-readable timestamp
 * @return   tring   Human-readable approximate timestamp like "2 hours"
@@ -148,8 +157,8 @@ function get_url_parts()
 
 function get_url()
 {
-$path_info = pathinfo($_SERVER['SCRIPT_URL']);
-$path_info['url'] = $_SERVER['SCRIPT_URL'];
+    $path_info = pathinfo($_SERVER['SCRIPT_URL']);
+    $path_info['url'] = preg_match("/\.\.\//", $_SERVER['SCRIPT_URL']) ? '/' : $_SERVER['SCRIPT_URL'];    
     return $path_info; //substr($_SERVER['SCRIPT_URL'], strlen(get_base_dir() . '/'));
 }
 
-- 
2.34.1