Path property security issue when adding filesystem repository
When adding a filesystem repository, one can enter whatever he wants into "path" property. This can lead to security issues. For example i entered "/" as path to a redmine project and i was able to see and modify all of the server root (linux) in which the application runs. (Such behaviour can be replicated in windows hosts by entering "C:/" into path).
So a folder definition for all repositories must be set in a config file (not via admin panel because it must not be changed). So that whatever path is entered, the root path will be the one set in config file.
I think this is a serious security issue.
You can see screenshots for information.