From 4e9c9bcf96bf02b3d17c43c6570a7813eb5ecec1 Mon Sep 17 00:00:00 2001
From: Naiel <109038805+naielv@users.noreply.github.com>
Date: Sat, 21 Feb 2026 21:57:14 +0100
Subject: [PATCH] Update filename sanitization method

Sanitize the filename by removing path information.
---
 public_html/_incl/tools.security.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public_html/_incl/tools.security.php b/public_html/_incl/tools.security.php
index d25061d..9654424 100644
--- a/public_html/_incl/tools.security.php
+++ b/public_html/_incl/tools.security.php
@@ -10,7 +10,7 @@ function Sf($filename) {
 * @return string The sanitized filename.
 */
 // Remove any path information and null bytes
- $filename = realpath($filename);
+ $filename = basename($filename);
 if ($filename === false) {
 $filename = "";
 }
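Review bot: The `if ($filename === false)` check kept as context after the changed line is now dead, because `basename()` always returns a string, and the values that still need rejecting are `.` and `..`, which `basename()` returns unchanged for inputs such as `..` or `dir/..`. If callers join the result to a directory, replacing the check with `if ($filename === '.' || $filename === '..') { $filename = ""; }` closes that gap. The comment above the call still promises null-byte removal, which `basename()` does not do; unless that happens further down, strip them first with `$filename = basename(str_replace("\0", '', $filename));`. On non-Windows hosts `basename()` also leaves backslashes in place, which matters if the name is later used on or sent to a Windows system. The body of `Sf()` continues beyond the hunk, so later lines may already handle some of this.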