diff -urN orig-mlmmj/contrib/web/php-admin/htdocs/edit.php mlmmj/contrib/web/php-admin/htdocs/edit.php
--- orig-mlmmj/contrib/web/php-admin/htdocs/edit.php 2005-05-09 16:36:09.000000000 +0200
+++ mlmmj/contrib/web/php-admin/htdocs/edit.php 2010-06-26 10:33:17.075405396 +0200
@@ -104,6 +104,15 @@
 if(!isset($list))
 die("no list specified");
 
+if (strchr($list, "/") !== false)
+die("slash in list name");
+
+if ($list == ".")
+die("list name is dot");
+
+if ($list == "..")
+die("list name is dot-dot");
+
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
 
diff -urN orig-mlmmj/contrib/web/php-admin/htdocs/save.php mlmmj/contrib/web/php-admin/htdocs/save.php
--- orig-mlmmj/contrib/web/php-admin/htdocs/save.php 2005-05-09 16:36:09.000000000 +0200
+++ mlmmj/contrib/web/php-admin/htdocs/save.php 2010-06-26 10:33:31.295405214 +0200
@@ -79,6 +79,15 @@
 if(!isset($list))
 die("no list specified");
 
+if (strchr($list, "/") !== false)
+die("slash in list name");
+
+if ($list == ".")
+die("list name is dot");
+
+if ($list == "..")
+die("list name is dot-dot");
+
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
 
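Review bot: The checks added in edit.php are a deny-list (`/`, `.`, `..`), so an empty `$list` still gets through: `isset()` is true for `""`, and `is_dir($topdir."/".$list)` then tests `$topdir` itself. An allow-list guard would cover that case and any other unexpected byte in the name, for example `if (!preg_match('/^[A-Za-z0-9_.-]+$/', $list) || $list === "." || $list === "..") die("invalid list name");`, with the character class adjusted to the list names this installation actually permits. The same three checks are pasted into the save.php hunk, so the guard would be better placed in one shared include that both scripts call, so the two copies cannot drift apart. How `$list` is read from the request and what is done with it after `is_dir()` lies outside both hunks, so the effect of the empty-name case is inferred rather than shown.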