Thanks Sergio for your review and input. Here is the patch I will be uploading.
---- + if (page_name[0] == '/') + return FALSE; + + if (strncmp(page_name, "../", 3) == 0) + return FALSE; + + if (strstr(page_name, "/../")) + return FALSE; ---- Cheers, Ignace M