Index: wp-admin/includes/file.php
===================================================================
--- wp-admin/includes/file.php	(revision 17248)
+++ wp-admin/includes/file.php	(working copy)
@@ -301,6 +301,7 @@
 	$test_form = true;
 	$test_size = true;
 	$test_upload = true;
+	$test_filename = true;
 
 	// If you override this, you must provide $ext and $type!!!!
 	$test_type = true;
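Review bot: `$test_filename` is introduced without a comment, although the flag right below it carries one about overriding. If callers can switch this check off the same way (the override mechanism is outside the hunk), the default should say what it gates and what disabling it implies, e.g. `// Reject names containing "..". If you override this, validate the file name yourself.` The enclosing function starts and ends outside the hunk.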
@@ -327,6 +328,11 @@
 		return call_user_func($upload_error_handler, $file, $error_msg);
 	}
 
+	// Ensure filenames don't contain more than one contiguous period character
+	if ( $test_filename && stristr( $file['name'], '..' ) !== false )
+		return call_user_func($upload_error_handler, $file, __( 'Please rename your file to avoid ".." within the file name.' ));
+
 	// A properly uploaded file will pass this test. There should be no reason to override this one.
 	if ( $test_upload && ! @ is_uploaded_file( $file['tmp_name'] ) )
 		return call_user_func($upload_error_handler, $file, __( 'Specified file failed upload test.' ));
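Review bot: The added guard tests the client-supplied `$file['name']` for the substring `..` only, so it should not be treated as the path-traversal defence: it never looks at `/` or `\`, and it rejects harmless names such as `notes..txt`. Whatever builds the destination path later in this function (outside the hunk) still has to reduce the name to a sanitized basename before it touches the filesystem. `stristr()` is also an odd choice, since case has no meaning for `.`; `if ( $test_filename && false !== strpos( $file['name'], '..' ) )` states the same test directly. The enclosing function starts and ends outside the hunk.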
