From 219de8ededab324091b49da5a05f6acf9b0603e5 Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@qip.ru>
Date: Mon, 23 Jul 2012 17:19:25 +0400
Subject: [PATCH] added path checks

---
 ngx_rtmp_record_module.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ngx_rtmp_record_module.c b/ngx_rtmp_record_module.c
index ef81261..e6e674a 100644
--- a/ngx_rtmp_record_module.c
+++ b/ngx_rtmp_record_module.c
@@ -301,6 +301,7 @@ ngx_rtmp_record_publish(ngx_rtmp_session_t *s, ngx_rtmp_publish_t *v)
 {
     ngx_rtmp_record_app_conf_t     *racf;
     ngx_rtmp_record_ctx_t          *ctx;
+    u_char                         *p;
 
     racf = ngx_rtmp_get_module_app_conf(s, ngx_rtmp_record_module);
 
@@ -323,6 +324,17 @@ ngx_rtmp_record_publish(ngx_rtmp_session_t *s, ngx_rtmp_publish_t *v)
     ngx_memcpy(ctx->name, v->name, sizeof(ctx->name));
     ngx_memcpy(ctx->args, v->args, sizeof(ctx->args));
 
+    /* terminate name on /../ */
+    for (p = ctx->name; *p; ++p) {
+        if (ngx_path_separator(p[0]) &&
+            p[1] == '.' && p[2] == '.' && 
+            ngx_path_separator(p[3])) 
+        {
+            *p = 0;
+            break;
+        }
+    }
+
     if (ngx_rtmp_record_open(s) != NGX_OK) {
         return NGX_ERROR;
     }