die( '404 — File not found.' );
}
-$file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] );
+$file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $_GET[ 'file' ] );
if ( !is_file( $file ) ) {
status_header( 404 );
die( '404 — File not found.' );
// If we made it this far, just serve the file
readfile( $file );
-?>