#14 Wrong directory handling in showpic.php

[Anonymous]

File showpic.php:
When the variable $album contains multiple directories

i.e. myalbum1/subalbum

the regular expression
$album = preg_replace('/..\//','',
stripslashes($_GET['album']));

is evaluated wrong. It strips the last two characters of
the first album and the slash. The right expression is

$album = preg_replace('/\.\.\//','',
stripslashes($_GET['album']));

Best Regards,
Carsten Schumann
grypho@tempus-vivit.net