diff --git a/core.php b/core.php
index 26f3524..316f00b 100644
--- a/core.php
+++ b/core.php
@@ -298,6 +298,8 @@ function makepathsafe($string)
$string = preg_replace("/[?%*:|\"><()\\[\\]]/i", "", $string);
// Collapse multiple dots into a single dot
$string = preg_replace("/\.+/", ".", $string);
+ // Don't allow slashes at the beginning
+ $string = ltrim($string, "\\/");
return $string;
}
@@ -924,7 +926,7 @@ class page_renderer
{content}
-
+ {extra}