-rw-r--r--pkg/tool/path.go4
-rw-r--r--pkg/tool/path_test.go1
2 files changed, 4 insertions, 1 deletions
diff --git a/pkg/tool/path.go b/pkg/tool/path.go
index 3c0d2d02..528db86d 100644
--- a/pkg/tool/path.go
+++ b/pkg/tool/path.go
@@ -17,5 +17,7 @@ func IsSameSiteURLPath(url string) bool {
// SanitizePath sanitizes user-defined file paths to prevent remote code execution.
func SanitizePath(path string) string {
- return strings.TrimLeft(path, "./")
+ path = strings.TrimLeft(path, "/")
+ path = strings.Replace(path, "../", "", -1)
+ return path
}
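Review bot: The `strings.Replace(path, "../", "", -1)` on the new side is a single left-to-right pass, so an input in which deleting one `../` occurrence leaves a new `../` behind (overlapping or nested dot/slash sequences) is not neutralized, and a bare trailing `..` or a `..\` on Windows is not touched at all. Resolving the path against a virtual root instead of pattern-stripping is the robust form: rename the parameter so it no longer shadows the `path` package, import `path`, and use `return strings.TrimPrefix(path.Clean("/"+p), "/")`, which cannot yield a result that escapes the root whatever the input. Note this changes the expectation added in path_test.go: `data/gogs/../../../../../../../../../data/sessions/…` would then sanitize to `data/sessions/…` (the actual resolution of the path) rather than `data/gogs/data/sessions/…`, which encodes the stripping artefact; a regression case for nested `../` sequences is worth adding alongside it. If these paths are also joined onto the OS filesystem on Windows, `filepath.Clean` on the same rooted string is the equivalent to consider — I cannot tell the caller from this hunk.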
diff --git a/pkg/tool/path_test.go b/pkg/tool/path_test.go
index c9e18294..9f3441b1 100644
--- a/pkg/tool/path_test.go
+++ b/pkg/tool/path_test.go
@@ -38,6 +38,7 @@ func Test_SanitizePath(t *testing.T) {
expect string
}{
{"../../../../../../../../../data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"},
+ {"data/gogs/../../../../../../../../../data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"},
{"data/sessions/a/9/a9f0ab6c3ef63dd8", "data/sessions/a/9/a9f0ab6c3ef63dd8"},
}