From 86f6940b48bf00579b081ddac59aee69261fd1a9 Mon Sep 17 00:00:00 2001
From: garvinhicking
Date: Mon, 9 May 2005 08:10:25 +0000
Subject: [PATCH] disallow "." files like .htaccess. Sebastian, Tom - see my mail about this issue.
---
 include/admin/images.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php
index 4d1e958..fdedb81 100644
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -125,7 +125,7 @@ switch ($serendipity['GET']['adminAction']) {
 $tindex = 1;
 }
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)) {
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && (preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile) || preg_match('@^\.@', $tfile)) {
 printf(ERROR_FILE_FORBIDDEN, $tfile);
 break;
 }
--
2.39.5
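Review bot: The added `if` line never closes its outer parenthesis, so as written in the hunk include/admin/images.inc.php would not parse and the upload check could not run; the line should end `|| preg_match('@^\.@', $tfile))) {`. Both patterns are also a denylist that applies only below USERLEVEL_ADMIN, so any name ending in an extension the pattern does not list still passes; an allowlist of the expected media extensions would be the more robust gate, and if the admin exemption is deliberate a comment should say so. The `^\.` test only catches dotfiles if `$tfile` is already a bare file name without a directory part, which is presumably arranged above the hunk but is not visible here and is worth confirming. The enclosing `switch` case starts and ends outside the hunk.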