- $file = str_replace($GLOBALS['BACK_PATH'], '', $filename);
- if (is_file(PATH_typo3 . $file) || empty($GLOBALS['BACK_PATH'])) {
- return $file;
+ if (substr($filename, 0, strlen($GLOBALS['BACK_PATH'])) === $GLOBALS['BACK_PATH']) {
+ $file = str_replace($GLOBALS['BACK_PATH'], '', $filename);
+ if (is_file(PATH_typo3 . $file) || empty($GLOBALS['BACK_PATH'])) {
+ return $file;
+ }