diff --git a/VERSIONS_HOTLINE/29622 b/VERSIONS_HOTLINE/29622
new file mode 100644
index 0000000000000000000000000000000000000000..d0785a6585deb592ce5da824e434c6a235a92f51
--- /dev/null
+++ b/VERSIONS_HOTLINE/29622
@@ -0,0 +1 @@
+ - ticket #29622 : Correction compatibilité explorateur de fichier / hébergement mutualisé sans sous-répertoire
\ No newline at end of file
diff --git a/ckeditor/core_five_filemanager/connectors/php/filemanager.php b/ckeditor/core_five_filemanager/connectors/php/filemanager.php
index 482c7ca1a7291fd715cd69129990f8e2716bd2d8..b0084555db47f7c60c501197ac2dd439d3105100 100644
--- a/ckeditor/core_five_filemanager/connectors/php/filemanager.php
+++ b/ckeditor/core_five_filemanager/connectors/php/filemanager.php
@@ -23,19 +23,15 @@ header('Content-type: application/json');
  * @author Patrick Barroca
  * @param string $path
  */
-function opacTraversalProtect ($path) {
-  $path = (string)$path;
-  $parts = explode('/', $path);
-  array_shift($parts);
-  if (2 > count($parts)) {
-    exit();
-  }
-  if ('userfiles' != $parts[1]) {
-    exit();
-  }
-  if (in_array('..', $parts)) {
-    exit();
-  }
+function opacTraversalProtect($path) {
+  $path = (string)$path;
+  $parts = explode('/', $path);
+  array_shift($parts);
+
+  if (in_array('..', $parts)
+      || 2 > count($parts)
+      || !in_array('userfiles', $parts))
+    exit();
 }
 
 
@@ -64,7 +60,7 @@ if(!isset($_GET)) {
 } else {
 	if(isset($_GET['mode']) && $_GET['mode']!='') {
 		switch($_GET['mode']) {
-
+
 			default:
 				opacTraversalProtect($_GET['path']);
 				$fm->error($fm->lang('MODE_ERROR'));
@@ -78,7 +74,7 @@ if(!isset($_GET)) {
 				break;
 
 			case 'getfolder':
-				opacTraversalProtect($_GET['path']);
+				opacTraversalProtect($_GET['path']);
 				if($fm->getvar('path')) {
 					$response = $fm->getfolder();
 				}
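Review bot: The rewritten guard `!in_array('userfiles', $parts)` in opacTraversalProtect no longer pins `userfiles` to a fixed position (the removed `'userfiles' != $parts[1]` did), so a path with a `userfiles` segment at any depth now passes; if the ticket only needs the segment to be the first or the second element after the shift, that narrower test (`'userfiles' != $parts[0] && 'userfiles' != $parts[1]`) is easier to reason about than membership anywhere. Both `in_array` calls also use loose comparison; passing `true` as the third argument costs nothing: `if (in_array('..', $parts, true) || 2 > count($parts) || !in_array('userfiles', $parts, true))`. The reason for relaxing the position check is only recoverable from the VERSIONS_HOTLINE entry, so a comment above the condition would help the next reader, e.g. `// 'userfiles' may sit at any depth: shared hosting can serve the site without a sub-directory (ticket #29622)`. Note that `exit()` with no body, after the JSON content type has already been sent, leaves the client unable to distinguish a rejected path from a transport error; that is unchanged by this commit, but a `$fm->error(...)` response before exiting would be more informative.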
@@ -121,12 +117,12 @@ if(!isset($_GET)) {
 } else if(isset($_POST['mode']) && $_POST['mode']!='') {
 	switch($_POST['mode']) {
-
+
 		default:
 			$fm->error($fm->lang('MODE_ERROR'));
 			break;
-
+
 		case 'add':
 			if($fm->postvar('currentpath')) {
 				opacTraversalProtect($_POST['currentpath']);