FileManager4TinyMCE
Security issue with subfolder
If the subfolder GET parameter is set when calling /tinymce/plugins/filemanager/dialog.php then it is possible to traverse outside the containing folder by using '/../' in the query. So a web visitor can browse directory structures of the website and upload images if the user running the PHP process has access to those directories.
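
An added example, not code from FileManager4TinyMCE or from the issue reporter: one way to confine a user-supplied subfolder value to the upload root by canonicalizing it with realpath() and checking the result against the root. The function name resolve_subfolder, the upload root and the demo directories are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not the plugin's own code.
// $baseDir is an assumed upload root; $subfolder is the raw GET value.
function resolve_subfolder(string $baseDir, string $subfolder): ?string
{
    // NUL bytes have no place in a path component.
    if (strpos($subfolder, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // realpath() collapses '.', '..' and symlinks, and returns false
    // when the resulting path does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $subfolder);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    if ($target === $base) {
        return $target;
    }
    // Compare against the root plus a trailing separator, so a sibling
    // such as ".../uploads_old" does not pass as ".../uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed demo tree under the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . getmypid();
mkdir($root . '/uploads/photos', 0700, true);
mkdir($root . '/uploads_old', 0700, true);

// Constructed sample values for the subfolder parameter.
$cases = ['photos', 'photos/../photos', '../', 'photos/../../',
          '../uploads_old', 'missing'];
foreach ($cases as $sub) {
    $resolved = resolve_subfolder($root . '/uploads', $sub);
    printf("%-20s => %s\n", $sub, $resolved === null ? 'rejected' : 'allowed');
}

// Remove the demo tree.
rmdir($root . '/uploads/photos');
rmdir($root . '/uploads');
rmdir($root . '/uploads_old');
rmdir($root);
```

The check runs on the canonical path rather than on the raw string, so encoded or nested '..' sequences and symlinks that point outside the root are handled by the same comparison.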