From 0d4b4cc030d09413f102f7629d476707cc6c3d96 Mon Sep 17 00:00:00 2001
From: Jkat
Date: Thu, 13 Jul 2017 16:34:47 -0400
Subject: [PATCH] Fixing full file system access security vulnerability
---
 htdocs/GetStatic.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/GetStatic.php b/htdocs/GetStatic.php
index 9e5e51b1dd1..4176050dec6 100644
--- a/htdocs/GetStatic.php
+++ b/htdocs/GetStatic.php
@@ -79,7 +79,7 @@
 // Make sure that the user isn't trying to break out of the $path by
 // using a relative filename.
 // No need to check for '/' since all downloads are relative to $basePath
-if (strpos("..", $File) !== false) {
+if (strpos($File, "..") !== false) {
 error_log("ERROR: Invalid filename");
 header("HTTP/1.1 400 Bad Request");
 exit(4);
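Review bot: The corrected `strpos($File, "..")` test is still a substring denylist on the raw request value, so containment depends on nothing later decoding, normalising or following a symlink from `$File` in a way this check never sees. It also rejects legitimate names that merely contain two dots. A sturdier guard is to canonicalise the joined path and compare it with the base, for example `$real = realpath($basePath . '/' . $File);` followed by `if ($real === false || strpos($real, realpath($basePath) . DIRECTORY_SEPARATOR) !== 0) { /* 400 */ }`. How `$basePath` and `$File` are actually joined is outside this hunk, so the expression would need adapting. The `error_log` line would be more useful for detection if it recorded the rejected name (encoded, e.g. via `json_encode`) and the requesting user.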