From 3a5eb942e5862fde5fb0421537fbd6a720de6267 Mon Sep 17 00:00:00 2001
From: Ilia Rostovtsev
Date: Sun, 23 May 2021 21:02:54 +0300
Subject: [PATCH] Fix to quotemeta allowed paths https://www.virtualmin.com/node/71138
---
 filemin/index.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/filemin/index.cgi b/filemin/index.cgi
index 25ec45df1..055a0103b 100755
--- a/filemin/index.cgi
+++ b/filemin/index.cgi
@@ -26,8 +26,8 @@ unless (opendir ( DIR, $cwd )) {
 for $path (@allowed_paths) {
 my $slashed = $path;
 $slashed .= "/" if ($slashed !~ /\/$/);
- push @tmp_list, grep { $slashed =~ /^$_\// ||
- $_ =~ /$slashed/ } @list;
+ push @tmp_list, grep { $slashed =~ /^\Q$_\E\// ||
+ $_ =~ /\Q$slashed\E/ } @list;
 }
 # Remove duplicates
 my %hash = map { $_, 1 } @tmp_list;
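Review bot: The second test in the grep, `$_ =~ /\Q$slashed\E/`, is still unanchored, so an entry passes the allowed-path filter whenever the allowed path occurs anywhere inside it rather than only as its leading directory. The first test is anchored with `^`; the second should match it: `$_ =~ /^\Q$slashed\E/`. This assumes `@list` holds full paths, which the hunk does not show, because the enclosing block and the code that fills `@list` start outside it. A short comment above the `push` would also help, such as `# keep entries that are a parent of, or live under, an allowed path`.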