From 6e7eced8124e4827a6c93486ded7ed5e70a74b28 Mon Sep 17 00:00:00 2001
From: iliajie <gpg@ilia.engineer>
Date: Sat, 18 Mar 2023 01:28:21 +0200
Subject: [PATCH] Fix to resolve links before testing allowed path

---
 filemin/download.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/filemin/download.cgi b/filemin/download.cgi
index 04a7a839c..2fc1cb89a 100755
--- a/filemin/download.cgi
+++ b/filemin/download.cgi
@@ -9,7 +9,7 @@ use Cwd 'abs_path';
 
 get_paths();
 
-my $file = &simplify_path($cwd.'/'.$in{'file'});
+my $file = &resolve_links(&simplify_path($cwd.'/'.$in{'file'}));
 my $error = 1;
 for $allowed_path (@allowed_paths) {
 	if (&is_under_directory($allowed_path, $file)) {