Index: branches/5.0.x/core/kernel/db/db_event_handler.php
===================================================================
diff -u -r12264 -r12277
--- branches/5.0.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 12264)
+++ branches/5.0.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 12277)
@@ -1,6 +1,6 @@
Application->GetVar('file'), '../') !== false) return ;
+ $file = $this->Application->GetVar('file');
+ if ((strpos($file, '../') !== false) || (trim($file) !== $file)) {
+ // when relative paths or special chars are found template names from url, then it's hacking attempt
+ return ;
+ }
+
 if ($this->Application->GetVar('tmp')) {
 $path = WRITEABLE . '/tmp/' . $this->Application->GetVar('id') . '_' . $this->Application->GetVar('file');
 }
 else {
 $object =& $event->getObject(array('skip_autoload'=>true));
 $options = $object->GetFieldOptions($this->Application->GetVar('field'));
- $path = FULL_PATH.$options['upload_dir'].$this->Application->GetVar('file');
+ $path = FULL_PATH.$options['upload_dir'].$file;
 }
 $path = str_replace('/', DIRECTORY_SEPARATOR, $path);
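Review bot: The new guard only rejects the literal `../` substring in `file`, so a backslash form such as `..\` (which the later `str_replace('/', DIRECTORY_SEPARATOR, $path)` leaves untouched and which Windows treats as a separator) or a leading absolute path still reaches the filesystem, and the `tmp` branch concatenates `GetVar('id')` into the `WRITEABLE . '/tmp/'` path with no check at all. Since both values are evidently meant to be bare file-name components, a tighter and simpler check is to reject anything that is not its own basename: `if ($file === '' || basename($file) !== $file || trim($file) !== $file) { return ; }`, and apply the same test to `$id` before building the tmp path. Minor style point: the `tmp` branch still re-reads `$this->Application->GetVar('file')` instead of using the `$file` local introduced above it. The enclosing method starts and ends outside this hunk, and the `@@ -1,6 +1,6 @@` header does not match the number of lines shown, so the surrounding context should be checked in the full file.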