From 1aef477555360abffe443bb3df90c3647ea6eca9 Mon Sep 17 00:00:00 2001
From: llgoer <llgoer@github.com>
Date: Sat, 25 Apr 2020 14:48:29 +0800
Subject: [PATCH] Update edit_space_info.php

---
 src/member/edit_space_info.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/member/edit_space_info.php b/src/member/edit_space_info.php
index cbeb88b7..0bf572d0 100755
--- a/src/member/edit_space_info.php
+++ b/src/member/edit_space_info.php
@@ -21,10 +21,17 @@ if($dopost=='save')
     $spacename =(empty($spacename))? "" : $spacename;
     $maxlength = $cfg_max_face * 1024;
     $userdir = $cfg_user_dir.'/'.$cfg_ml->M_ID;
+
+    if (strpos($oldspacelogo,"..") > 0) 
+    {
+        die("not support!");
+    }
+
     if(!preg_match('#^'.$userdir."#", $oldspacelogo))
     {
         $oldspacelogo = '';
     }
+
     if(is_uploaded_file($spacelogo))
     {
         if(@filesize($_FILES['spacelogo']['tmp_name']) > $maxlength)
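Review bot: The added traversal guard `if (strpos($oldspacelogo,"..") > 0)` does not fire when `..` sits at offset 0, because `strpos` returns 0 there and `0 > 0` is false; compare against false instead, `if (strpos($oldspacelogo, '..') !== false)`. The prefix check on the following context lines probably still rejects that case, but it interpolates `$userdir` into the pattern unquoted and without a trailing separator, so a path under a sibling directory whose name merely begins with this member's id (id 1 versus 12) would pass; `if(!preg_match('#^'.preg_quote($userdir, '#').'/#', $oldspacelogo))` closes that gap. A substring denylist is also weaker than resolving the path and checking that the result stays under `$userdir`, which is worth doing wherever `$oldspacelogo` is finally used. That use, and the rest of the `if($dopost=='save')` block, lie outside this hunk, so a short comment here stating that the value is request-supplied and must remain inside the member's own directory would help the next reader.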