From 1a8220a7b53e8960af964ac4056866ccbfa11026 Mon Sep 17 00:00:00 2001
From: Guite
Date: Sat, 3 Dec 2016 11:46:33 +0100
Subject: [PATCH] fixed #3237
---
 CHANGELOG-1.3.md | 1 +
 src/jcss.php | 1 +
 2 files changed, 2 insertions(+)
diff --git a/CHANGELOG-1.3.md b/CHANGELOG-1.3.md
index 9f0753653c..f55b07870c 100644
--- a/CHANGELOG-1.3.md
+++ b/CHANGELOG-1.3.md
@@ -5,6 +5,7 @@ CHANGELOG - ZIKULA 1.3.11
 - Add filter parameter to Menutree in order to work better with Clip (#2597)
 - Fixed user block is not shown and not editable (#2891)
 - Fixed getPluralOffset to return numbers instead of boolean values (#3010)
+- Fixed possible jcss vulnerability in Windows environment (#3237)
 CHANGELOG - ZIKULA 1.3.10
diff --git a/src/jcss.php b/src/jcss.php
index fac7d528de..323792d5bb 100644
--- a/src/jcss.php
+++ b/src/jcss.php
@@ -36,6 +36,7 @@
 }
 // clean $f
+$f = str_replace('\\', '', $f);
 $f = preg_replace('`/`', '', $f);
 // set full path to the file
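Review bot: The two replacements under `// clean $f` in src/jcss.php are a denylist of path separators, so every other character in `$f`, including ones the Windows filesystem treats specially, is still passed on to the path built below `// set full path to the file`. If the cached file names follow a fixed pattern (not visible in this hunk), rejecting anything outside it is the sturdier check, for example `if (!preg_match('/^[A-Za-z0-9_.-]+$/', $f)) { exit; }` placed before the path is assembled. As a smaller point, both separators can be removed in one call, `$f = str_replace(array('\\', '/'), '', $f);`, which avoids a regex for a literal character. The script starts and continues outside the hunk, so where `$f` comes from and how the final path is checked cannot be confirmed here.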