[ticket/10035] ACP template edit feature allows to read any files on webserver.

... and to upload/execute any script on it. Use preg_replace to filter filename

PHPBB3-10035

phpBB/includes/acp/acp_styles.php

@@ -716,7 +716,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$save_changes	= (isset($_POST['save'])) ? true : false;
 
 		// make sure template_file path doesn't go upwards
-		$template_file = str_replace('..', '.', $template_file);
+		$template_file = preg_replace('#\.{2,}#', '.', $template_file);
 
 		// Retrieve some information about the template
 		$sql = 'SELECT template_storedb, template_path, template_name