From cfc8a4f15c131f5e80f2ad59485e0117b47cfebd Mon Sep 17 00:00:00 2001
From: rudolfkoenig <>
Date: Sun, 26 Nov 2023 09:42:20 +0000
Subject: [PATCH] 92_FileLog.pm: Fix CVE-2020-19360 (Forum #135959)

git-svn-id: https://svn.fhem.de/fhem/trunk@28210 2b470e98-0d58-463d-a4d8-8e2adae1ed80
---
 fhem/FHEM/92_FileLog.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fhem/FHEM/92_FileLog.pm b/fhem/FHEM/92_FileLog.pm
index c8ce3ebef..a16c96828 100644
--- a/fhem/FHEM/92_FileLog.pm
+++ b/fhem/FHEM/92_FileLog.pm
@@ -711,6 +711,11 @@ FileLog_logWrapper($)
     return 0;
   }
 
+  if($file =~ m,.*/.*([^/]+$),) { # 135959
+    Log 1, "ERROR: FileLog_logWrapper: / not allowed in filename ($file)";
+    return 0;
+  }
+
   if(defined($type) && $type eq "text") {
     $defs{$d}{logfile} =~ m,^(.*)/([^/]*)$,; # Dir and File
     my $path = "$1/$file";