From fc3feb4a78ffb5ed6f07cc3fe13d7b48331e912a Mon Sep 17 00:00:00 2001
From: tianya <yanghuxiao@vip.qq.com>
Date: Mon, 17 Apr 2023 21:46:20 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=89=E5=85=A8=E6=BC=8F=E6=B4=9E=E4=BF=AE?=
 =?UTF-8?q?=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 dedebiz                           | 1 +
 src/admin/file_manage_control.php | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/dedebiz b/dedebiz
index 54f39355..e94134b2 100755
--- a/dedebiz
+++ b/dedebiz
@@ -36,6 +36,7 @@ COMMANDS:
 	help,h Shows 帮助
 	quick,q 快速开始一个开发环境
 	tdata 生成测试数据
+	pwd 更改管理员密码
 WEBSITE:
 	https://www.dedebiz.com/help/
 ";
diff --git a/src/admin/file_manage_control.php b/src/admin/file_manage_control.php
index 27ecc0ca..0723d088 100644
--- a/src/admin/file_manage_control.php
+++ b/src/admin/file_manage_control.php
@@ -21,6 +21,8 @@ else $inpath = $cfg_basedir.$activepath;
 $fmm = new FileManagement();
 $fmm->Init();
 if ($fmdo == "rename") {
+    $oldfilename = str_replace("..","",$oldfilename);
+    $newfilename = str_replace("..","",$newfilename);
     $fmm->RenameFile($oldfilename, $newfilename);
 }
 //新建目录