From 7b8d5f0cb6ad765292b26acabac884cf10f83281 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Sun, 24 Apr 2011 21:49:07 +0200
Subject: [PATCH] Added adm folder to allowed upload folders
---
 root/portal/includes/functions_upload.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/root/portal/includes/functions_upload.php b/root/portal/includes/functions_upload.php
index 735df998..c4e81402 100644
--- a/root/portal/includes/functions_upload.php
+++ b/root/portal/includes/functions_upload.php
@@ -112,7 +112,8 @@ class portal_upload
 $cur_path = str_replace($mod_dir . '/', '', $cur_path);
 $cut_pos = strpos($cur_path, '/');
- if(!in_array(substr($cur_path, 0, $cut_pos), array('portal', 'language', 'styles')))
+ // Only allow files in adm, language, portal and styles folder
+ if(!in_array(substr($cur_path, 0, $cut_pos), array('adm', 'language', 'portal', 'styles')))
 {
 $file->remove();
 $this->directory_delete($mod_dir);
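Review bot: The allow-list test on the `if(!in_array(...))` line looks only at the first path segment, and with `adm` added it now decides which uploaded files may land in the administration area. Nothing visible in the hunk rejects `..` segments further along `$cur_path`, and a path without `/` is rejected only as a side effect of `strpos()` returning `false`; the method starts and ends outside this hunk, so confirm whether either case is handled elsewhere. I would make the condition explicit: `if ($cut_pos === false || strpos($cur_path, '..') !== false || !in_array(substr($cur_path, 0, $cut_pos), array('adm', 'language', 'portal', 'styles'), true))`. The strict flag on `in_array()` keeps the match independent of PHP's loose comparison rules. The new comment could also state that only the top-level folder name is checked, so readers do not assume the rest of the path is validated here.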