Index: /FCKeditor/trunk/editor/filemanager/connectors/asp/io.asp
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/asp/io.asp	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/asp/io.asp	(revision 1797)
@@ -173,5 +173,5 @@
 
 	' Check for invalid folder paths (..)
-	If ( InStr( 1, sCurrentFolder, ".." ) <> 0 ) Then
+	If ( InStr( 1, sCurrentFolder, ".." ) <> 0 OR InStr( 1, sCurrentFolder, "\" ) <> 0) Then
 		SendError 102, ""
 	End If
Index: /FCKeditor/trunk/editor/filemanager/connectors/asp/upload.asp
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/asp/upload.asp	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/asp/upload.asp	(revision 1797)
@@ -33,4 +33,8 @@
 <%
 
+Sub SendError( number, text )
+	SendUploadResults number, "", "", text
+End Sub
+
 ' Check if this uploader has been enabled.
 If ( ConfigIsEnabled = False ) Then
Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_connector.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_connector.cfm	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_connector.cfm	(revision 1797)
@@ -130,5 +130,5 @@
 	<cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />">
 
-<cfelseif find("..",url.currentFolder)>
+<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder)>
 
 	<cfset xmlContent = "<Error number=""102"" />">
Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_upload.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_upload.cfm	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_upload.cfm	(revision 1797)
@@ -100,5 +100,5 @@
 </cfif>
 
-<cfif find( "..", url.currentFolder)>
+<cfif find( "..", url.currentFolder) or find( "\", url.currentFolder)>
 	<cfset SendUploadResults(102)>
 	<cfabort>
Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_io.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_io.cfm	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_io.cfm	(revision 1797)
@@ -175,5 +175,5 @@
 </cffunction>
 
-<cffunction name="GetCurrentFolder" returntype="String" output="false">
+<cffunction name="GetCurrentFolder" returntype="String" output="true">
 	<cfset var sCurrentFolder = "/">
 
@@ -194,5 +194,5 @@
 	<cfset sCurrentFolder = rereplace( sCurrentFolder, "//+", "/", "all" )>
 
-	<cfif find( "..", sCurrentFolder)>
+	<cfif find( "..", sCurrentFolder) or find( "\", sCurrentFolder) >
 		<cfset SendError( 102, "" )>
 	</cfif>
Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_upload.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_upload.cfm	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_upload.cfm	(revision 1797)
@@ -34,4 +34,10 @@
 <cfinclude template="cf_commands.cfm">
 
+<cffunction name="SendError" returntype="void" output="true">
+	<cfargument name="number" required="true" type="Numeric">
+	<cfargument name="text" required="true">
+	<cfreturn SendUploadResults( "#ARGUMENTS.number#", "", "", "ARGUMENTS.text" )>
+</cffunction>
+
 <cfset REQUEST.Config = Config>
 <cfif find( "/", getBaseTemplatePath() ) >
Index: /FCKeditor/trunk/editor/filemanager/connectors/lasso/connector.lasso
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/lasso/connector.lasso	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/lasso/connector.lasso	(revision 1797)
@@ -56,4 +56,63 @@
 	);
 
+	/*.....................................................................
+	Custom tag sets the HTML response.
+	*/
+	
+	define_tag(
+		'htmlreply',
+		-namespace='fck_',
+		-priority='replace',
+		-required='uploadResult',
+		-optional='NewFilePath',
+		-type='string',
+		-description='Sets the HTML response for the FCKEditor File Upload feature.'
+	);
+		$__html_reply__ = '\
+<script type="text/javascript">
+(function()
+{
+	var d = document.domain ;
+
+	while ( true )
+	{
+		// Test if we can access a parent property.
+		try
+		{
+			var test = window.top.opener.document.domain ;
+			break ;
+		}
+		catch( e ) {}
+
+		// Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ...
+		d = d.replace( /.*?(?:\\.|$)/, "" ) ;
+
+		if ( d.length == 0 )
+			break ;		// It was not able to detect the domain.
+
+		try
+		{
+			document.domain = d ;
+		}
+		catch (e)
+		{
+			break ;
+		}
+	}
+})() ;
+';
+			if($uploadResult == '0' || $uploadResult == '201');
+			$__html_reply__ = $__html_reply__ + '\
+	window.parent.OnUploadCompleted(' + $uploadResult + ',\'' + $NewFilePath + '\',\'' + $NewFilePath->split('/')->last + '\');
+</script>
+			';
+			else;
+			$__html_reply__ = $__html_reply__ + '\
+	window.parent.OnUploadCompleted(' + $uploadResult + ');
+</script>
+			';
+			/if;
+	/define_tag;
+	
 
     /*.....................................................................
@@ -64,8 +123,20 @@
 	var('currentFolderURL' = $ServerPath
 		+ $config->find('Subdirectories')->find(action_param('Type'))
-		+ action_param('CurrentFolder')
+		+ $CurrentFolder
 	);
 
-
+	if($CurrentFolder->(Find: '..') || $CurrentFolder->(Find: '\\'));
+		if($Command == 'FileUpload');
+			$responseType = 'html';
+			$uploadResult = '102';
+			fck_htmlreply(
+				-uploadResult=$uploadResult
+			);
+		else;
+			$errorNumber = 102;
+			$commandData += '<Error number="' + $errorNumber + '" />\n';
+		/if;
+	else;
+	
     /*.....................................................................
     Build the appropriate response per the 'Command' parameter. Wrap the
@@ -150,6 +221,10 @@
                 Was a file actually uploaded?
                 */
-				file_uploads->size ? $NewFile = file_uploads->get(1) | $uploadResult = '202';
-
+                if(file_uploads->size);
+                	$NewFile = file_uploads->get(1);
+                else;
+                	$uploadResult = '202';
+                /if;
+                
 				if($uploadResult == '0');
                     /*.....................................................
@@ -195,60 +270,15 @@
 								$OrigFilePath != $NewFilePath ? $uploadResult = 201;
 							case;
-								$uploadResult = '202';
+								$uploadResult = file_currenterror( -errorcode);
 						/select;
 					/if;
 				/if;
-
-
-                /*.........................................................
-                Set the HTML response.
-                */
-                $__html_reply__ = '\
-<script type="text/javascript">
-(function()
-{
-	var d = document.domain ;
-
-	while ( true )
-	{
-		// Test if we can access a parent property.
-		try
-		{
-			var test = window.top.opener.document.domain ;
-			break ;
-		}
-		catch( e ) {}
-
-		// Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ...
-		d = d.replace( /.*?(?:\\.|$)/, "" ) ;
-
-		if ( d.length == 0 )
-			break ;		// It was not able to detect the domain.
-
-		try
-		{
-			document.domain = d ;
-		}
-		catch (e)
-		{
-			break ;
-		}
-	}
-})() ;
-';
-				if($uploadResult == '0' || $uploadResult == '201');
-				$__html_reply__ = $__html_reply__ + '\
-	window.parent.OnUploadCompleted(' + $uploadResult + ',\'' + $NewFilePath + '\',\'' + $NewFilePath->split('/')->last + '\');
-</script>
-				';
-				else;
-				$__html_reply__ = $__html_reply__ + '\
-	window.parent.OnUploadCompleted(' + $uploadResult + ');
-</script>
-				';
-				/if;
+				fck_htmlreply(
+					-uploadResult=$uploadResult,
+					-NewFilePath=$NewFilePath
+				);
 		/select;
 	/inline;
-
+	/if;
 
     /*.....................................................................
@@ -269,23 +299,24 @@
 Content-Type: text/xml; charset=utf-8
 [//lasso
-		/header;
-
-
-        /*.................................................................
-        Set the content type encoding for Lasso.
-        */
+/header;
+
+		/*
+			Set the content type encoding for Lasso.
+		*/
 		content_type('text/xml; charset=utf-8');
 
-
-        /*.................................................................
-        Wrap the response as XML and output.
-        */
+		/*
+			Wrap the response as XML and output.
+		*/
 		$__html_reply__ = '\
 <?xml version="1.0" encoding="utf-8" ?>
-<Connector command="' + $Command + '" resourceType="' + $Type + '">
-	<CurrentFolder path="' + $CurrentFolder + '" url="' + $currentFolderURL + '" />
-' + $commandData + '
-</Connector>
-		';
+<Connector command="' + $Command + '" resourceType="' + $Type + '">';
+
+		if($errorNumber != '102');
+			$__html_reply__ += '<CurrentFolder path="' + $CurrentFolder + '" url="' + $currentFolderURL + '" />';
+		/if;
+
+		$__html_reply__ += $commandData + '
+</Connector>';
 	/if;
 ]
Index: /FCKeditor/trunk/editor/filemanager/connectors/lasso/upload.lasso
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/lasso/upload.lasso	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/lasso/upload.lasso	(revision 1797)
@@ -57,5 +57,4 @@
 	);
 
-
 	/*.....................................................................
 	Custom tag sets the HTML response.
@@ -78,4 +77,34 @@
 		$__html_reply__ = '\
 <script type="text/javascript">
+(function()
+{
+	var d = document.domain ;
+
+	while ( true )
+	{
+		// Test if we can access a parent property.
+		try
+		{
+			var test = window.top.opener.document.domain ;
+			break ;
+		}
+		catch( e ) {}
+
+		// Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ...
+		d = d.replace( /.*?(?:\\.|$)/, "" ) ;
+
+		if ( d.length == 0 )
+			break ;		// It was not able to detect the domain.
+
+		try
+		{
+			document.domain = d ;
+		}
+		catch (e)
+		{
+			break ;
+		}
+	}
+})() ;
 	window.parent.OnUploadCompleted(' + #errorNumber + ',"'
 		+ string_replace(#fileUrl, -find='"', -replace='\\"') + '","'
@@ -86,4 +115,7 @@
 	/define_tag;
 
+	if($CurrentFolder->(Find: '..') || $CurrentFolder->(Find: '\\'));
+		$errorNumber = 102;
+	/if;
 
 	if($config->find('Enabled'));
@@ -95,5 +127,7 @@
 			Was a file actually uploaded?
 			*/
-			file_uploads->size ? $NewFile = file_uploads->get(1) | $errorNumber = 202;
+			if($errorNumber != '102');
+				file_uploads->size ? $NewFile = file_uploads->get(1) | $errorNumber = 202;
+			/if;
 
 			if($errorNumber == 0);
Index: /FCKeditor/trunk/editor/filemanager/connectors/perl/connector.cgi
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/perl/connector.cgi	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/perl/connector.cgi	(revision 1797)
@@ -102,5 +102,5 @@
 
 	# Check for invalid folder paths (..)
-	if ( $sCurrentFolder =~ /\.\./ ) {
+	if ( $sCurrentFolder =~ /(?:\.\.|\\)/ ) {
 		SendError( 102, "" ) ;
 	}
Index: /FCKeditor/trunk/editor/filemanager/connectors/perl/upload.cgi
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/perl/upload.cgi	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/perl/upload.cgi	(revision 1797)
@@ -105,5 +105,5 @@
 
 	# Check for invalid folder paths (..)
-	if ( $sCurrentFolder =~ /\.\./ ) {
+	if ( $sCurrentFolder =~ /(?:\.\.|\\)/ ) {
 		SendError( 102, "" ) ;
 	}
Index: /FCKeditor/trunk/editor/filemanager/connectors/php/io.php
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/php/io.php	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/php/io.php	(revision 1797)
@@ -241,5 +241,5 @@
 
 	// Check for invalid folder paths (..)
-	if ( strpos( $sCurrentFolder, '..' ) )
+	if ( strpos( $sCurrentFolder, '..' ) || strpos( $sCurrentFolder, "\\" ))
 		SendError( 102, '' ) ;
 
Index: /FCKeditor/trunk/editor/filemanager/connectors/py/fckutil.py
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/py/fckutil.py	(revision 1796)
+++ /FCKeditor/trunk/editor/filemanager/connectors/py/fckutil.py	(revision 1797)
@@ -90,5 +90,5 @@
 
 	# Check for invalid folder paths (..)
-	if '..' in currentFolder:
+	if '..' in currentFolder or '\\' in currentFolder:
 		return None
 
