From ae8ee64cf16799982b09b65c935a1bd8f776bcb0 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 25 Jan 2023 00:00:20 -0500
Subject: [PATCH] Deploy path traversal fix
---
 tinyfilemanager.php | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 9a41e334..5b57b7bc 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -1065,6 +1065,15 @@ function get_file_path () {
 }
 $files = $_POST['file'];
+ $sanitized_files = array();
+
+ // clean path
+ foreach($files as $file){
+ array_push($sanitized_files, fm_clean_path($file));
+ }
+
+ $files = $sanitized_files;
+
 if (!empty($files)) {
 chdir($path);
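Review bot: The added `foreach` iterates `$_POST['file']` before the `!empty($files)` check that follows it, so a request with no `file` field or a scalar one reaches the loop as a non-array, and a nested array element is passed to `fm_clean_path()` with no type check. The input should be normalised to an array first, non-string entries skipped, and entries that clean to an empty string dropped, since an empty name may resolve to the working directory after `chdir($path)`. `fm_clean_path()` is defined outside this hunk, so whether it removes every `..` form cannot be confirmed here. If it does not, a check that each resolved path stays under `$path` would catch the remainder. The enclosing block starts and ends outside the hunk.

```php
$files = isset($_POST['file']) && is_array($_POST['file']) ? $_POST['file'] : array();
$sanitized_files = array();

// clean path; ignore entries that are not strings or that clean to nothing
foreach ($files as $file) {
    if (!is_string($file)) {
        continue;
    }
    $clean = fm_clean_path($file);
    if ($clean !== '') {
        $sanitized_files[] = $clean;
    }
}

$files = $sanitized_files;
// … unchanged: if (!empty($files)) { chdir($path); …
```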