From cad57dcc28ed9996b52e681ae06d62bc7b5c79c0 Mon Sep 17 00:00:00 2001
From: mark_story <mark@mark-story.com>
Date: Mon, 9 Mar 2015 21:55:07 -0400
Subject: [PATCH] Use DS instead of checking both slash styles.

Refs #5905
---
 lib/Cake/Network/CakeResponse.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Cake/Network/CakeResponse.php b/lib/Cake/Network/CakeResponse.php
index 26bfb83be..6c8bc2a7e 100644
--- a/lib/Cake/Network/CakeResponse.php
+++ b/lib/Cake/Network/CakeResponse.php
@@ -1336,7 +1336,7 @@ class CakeResponse {
 			'download' => null
 		);
 
-		if (strpos($path, '../') !== false || strpos($path, '..\\') !== false) {
+		if (strpos($path, '..' . DS) !== false) {
 			throw new NotFoundException(__d(
 				'cake_dev',
 				'The requested file contains `..` and will not be read.'