From 962aa9f977ae7869f0d16ee3fde856ecb525ff24 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 22 Oct 2021 10:49:01 +0200
Subject: [PATCH] Fix #yogosha7494

---
 htdocs/document.php | 2 ++
 htdocs/viewimage.php | 1 +
 2 files changed, 3 insertions(+)

diff --git a/htdocs/document.php b/htdocs/document.php
index 3c06801c9a0..e2cf8fb3c92 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -195,9 +195,11 @@ if (!in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($ori
 }
 // Security: Delete string ../ or ..\ into $original_file
+$original_file = preg_replace('/\.\.+/','..', $original_file); // Replace '... or more' with '..'
 $original_file = str_replace('../', '/', $original_file);
 $original_file = str_replace('..\\', '/', $original_file);
+
 // Find the subdirectory name as the reference
 $refname = basename(dirname($original_file)."/");
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index f514c7c0302..0e91bd5bc9f 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -222,6 +222,7 @@ if (preg_match('/\.noexe$/i', $original_file)) {
 }
 // Security: Delete string ../ or ..\ into $original_file
+$original_file = preg_replace('/\.\.+/', '..', $original_file); // Replace '... or more' with '..'
 $original_file = str_replace('../', '/', $original_file);
 $original_file = str_replace('..\\', '/', $original_file);
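Review bot: The added `preg_replace('/\.\.+/','..', ...)` in the document.php hunk collapses every run of two or more dots anywhere in the path, not only dot-only segments, so a legitimate file such as `report...v2.pdf` is silently rewritten to `report..v2.pdf` and will not be found. It also keeps the rewrite-and-continue approach, which remains a denylist on a user-controlled path: a safer shape is to refuse the request outright when any segment consists solely of dots, e.g. `if (preg_match('/(^|[\/\\\\])\.\.+([\/\\\\]|$)/', $original_file)) { /* deny, using the same refusal path this file already uses for forbidden access */ }`, and, independently of string filtering, to verify that the resolved path still lies under the expected document root before it is served. Note also that `preg_replace` returns `null` on a PCRE error, which the following `str_replace` calls would turn into an empty path; checking the result (or `preg_last_error()`) would make that failure explicit. The surrounding request-handling code of document.php begins and ends outside this hunk.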
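Review bot: The viewimage.php hunk duplicates the same three-line sanitizer already present in document.php (down to a small formatting difference in the `'..'` argument), so the next traversal bypass will have to be patched in two places and can easily be fixed in only one. I would move the `..`-handling into a single shared helper that both entry points call, and have that helper reject rather than rewrite paths whose segments are made only of dots, e.g. return false on `preg_match('/(^|[\/\\\\])\.\.+([\/\\\\]|$)/', $path)`. As a defence in depth independent of any string filter, the final path should be checked to resolve under the allowed base directory before the file is opened. The enclosing code of viewimage.php continues past this hunk and its last context line may be truncated here.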