--- trunk/source/server/sv_user.c 2007/10/19 15:39:07 673 +++ trunk/source/server/sv_user.c 2010/04/01 04:52:26 1685 @@ -323,6 +323,7 @@ extern cvar_t *allow_download_sounds; extern cvar_t *allow_download_maps; extern int file_from_pak; // ZOID did file come from pak? + int name_length; // For getting the final character. int offset = 0; name = Cmd_Argv(1); @@ -333,6 +334,10 @@ // hacked by zoid to allow more conrol over download // first off, no .. or global allow check if (strstr (name, "..") || !allow_download->value + // prevent config downloading on Win32 systems + || name[0] == '\\' + // negative offset causes crashing + || offset < 0 // leading dot is no good || *name == '.' // leading slash bad as well, must be in subdir @@ -354,6 +359,10 @@ return; } + // If the name ends in a slash or dot, hack it off. Continue to do so just + // in case some tricky fellow puts multiple slashes or dots. + while (name[(name_length = strlen(name))] == '.' || name[name_length] == '/' ) + name[name_length] = '\0'; if (sv_client->download) FS_FreeFile (sv_client->download);