From ce2bdc19172668571b0e8f696f77333d51b34747 Mon Sep 17 00:00:00 2001
From: Jose Gonzalez <jose.gonzalez@artica.es>
Date: Thu, 2 Sep 2021 13:38:55 +0200
Subject: [PATCH] Fixed issues uploading files and fix vulnerability

---
 pandora_console/include/functions_filemanager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php
index d538926666..4dc595f9fb 100644
--- a/pandora_console/include/functions_filemanager.php
+++ b/pandora_console/include/functions_filemanager.php
@@ -250,7 +250,7 @@ function create_text_file($default_real_directory)
         return;
     }
 
-    $filename = io_safe_output(get_parameter('name_file'));
+    $filename = filemanager_safe_directory((string) get_parameter('name_file'));
 
     if (empty($filename) === false) {
         $real_directory = filemanager_safe_directory((string) get_parameter('real_directory'));
@@ -981,8 +981,8 @@ function filemanager_safe_directory(
     $directory = io_safe_output($directory);
     $forbiddenAttempting = false;
 
-    if ((bool) preg_match('/(\.){1,2}/', $directory) !== false) {
-        $directory = preg_replace('/(\.){1,2}/', '', (empty($safedDirectory) === true) ? $directory : $safedDirectory);
+    if ((bool) preg_match('/(\.){2}/', $directory) !== false) {
+        $directory = preg_replace('/(\.){2}/', '', (empty($safedDirectory) === true) ? $directory : $safedDirectory);
         $forbiddenAttempting = true;
     }