Index: /FCKeditor.Net/trunk/FileBrowser/Connector.cs
===================================================================
--- /FCKeditor.Net/trunk/FileBrowser/Connector.cs	(revision 3819)
+++ /FCKeditor.Net/trunk/FileBrowser/Connector.cs	(revision 3820)
@@ -27,4 +27,5 @@
 using System.Xml ;
 using System.Web ;
+using System.Text.RegularExpressions;
 
 namespace FredCK.FCKeditorV2.FileBrowser
@@ -56,5 +57,5 @@
 			if ( !Config.CheckIsTypeAllowed( sResourceType ) )
 			{
-				XmlResponseHandler.SendError( Response, 1, "Invalid resource type specified." ) ;
+				XmlResponseHandler.SendError( Response, 1, "Invalid type specified" ) ;
 				return ;
 			}
@@ -65,4 +66,10 @@
 			if ( ! sCurrentFolder.StartsWith( "/" ) )
 				sCurrentFolder = "/" + sCurrentFolder ;
+
+			if ( Regex.IsMatch( sCurrentFolder, @"(/\.)|(\.\.)|(//)|([\\:\*\?""\<\>\|\p{C}])" ) )
+			{
+				XmlResponseHandler.SendError( Response, 102, "" );
+				return;
+			}
 
 			// Check for invalid folder paths (..).
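Review bot: The `Regex.IsMatch` check on `sCurrentFolder` is a denylist over the request string, and nothing in this hunk confirms that the folder still sits under the resource-type root once it is mapped to a physical path. Path segments ending in a dot or a space, which Windows file APIs normalise away, are not covered by the pattern, so a canonical check is a safer backstop: resolve the mapped path with `Path.GetFullPath` and reject the request unless the result starts with the root directory (the mapping code is outside the hunk, so this may already exist). The pattern and the bare `102` also deserve a comment, for example `// Reject dot-prefixed or ".." segments, empty segments, and characters invalid in Windows file names.`, plus a note on what 102 means to the client (presumably the connector's invalid-folder-name code; confirm). The retained `// Check for invalid folder paths (..).` block below looks redundant now, but its body is outside the hunk.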
@@ -96,4 +103,7 @@
 					this.CreateFolder( oConnectorNode, sResourceType, sCurrentFolder ) ;
 					break ;
+				default :
+					XmlResponseHandler.SendError( Response, 1, "Command is not allowed" ) ;
+					break;
 			}
 
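Review bot: The new `default` branch ends with `break;`, so after `SendError` control leaves the switch and runs whatever follows it, whereas the other error paths visible in this file (the `Invalid type specified` check and the new folder check) use `return ;` right after `SendError`. Unless `SendError` ends the response itself, which cannot be confirmed from the visible lines, the normal connector XML could be written after the error document. Ending the branch with `return ;` instead of `break;` would be consistent and safe either way. The switch and the enclosing method start and end outside the hunk.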
Index: /FCKeditor.Net/trunk/FileBrowser/XmlResponseHandler.cs
===================================================================
--- /FCKeditor.Net/trunk/FileBrowser/XmlResponseHandler.cs	(revision 3819)
+++ /FCKeditor.Net/trunk/FileBrowser/XmlResponseHandler.cs	(revision 3820)
@@ -109,5 +109,8 @@
 			response.Write( "<?xml version=\"1.0\" encoding=\"utf-8\" ?>" ) ;
 			response.Write( "<Connector>" );
-			response.Write( "<Error number=\"" + errorNumber + "\" text=\"" + HttpUtility.HtmlEncode( errorText ) + "\" />" );
+			if (errorText.Length > 0)
+				response.Write( "<Error number=\"" + errorNumber + "\" text=\"" + HttpUtility.HtmlEncode( errorText ) + "\" />" );
+			else
+				response.Write("<Error number=\"" + errorNumber + "\" />");
 			response.Write( "</Connector>" );
 
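Review bot: `errorText.Length` throws a `NullReferenceException` when a caller passes `null`, which the removed line tolerated because `HttpUtility.HtmlEncode` returns null for null input and the concatenation then yields an empty attribute. Testing `if ( !string.IsNullOrEmpty( errorText ) )` keeps the new empty-text behaviour and restores null tolerance. The two added branches also drop the file's padded-parenthesis spacing and have no braces; matching the surrounding style would make the four lines easier to scan. The method's signature and end are outside the hunk.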
