diff -r 6652291b30b5 -r d5d693273392 wp-admin/includes/file.php
--- a/wp/wp-admin/includes/file.php	Fri Aug 21 22:11:21 2015 +0200
+++ b/wp/wp-admin/includes/file.php	Sat Aug 22 13:31:14 2015 +0200
@@ -81,8 +81,9 @@
 	$siteurl = set_url_scheme( get_option( 'siteurl' ), 'http' );
 	if ( ! empty( $home ) && 0 !== strcasecmp( $home, $siteurl ) ) {
 		$wp_path_rel_to_home = str_ireplace( $home, '', $siteurl ); /* $siteurl - $home */
-		$pos = strripos( str_replace( '\\', '/', $_SERVER['SCRIPT_FILENAME'] ), trailingslashit( $wp_path_rel_to_home ) );
-		$home_path = substr( $_SERVER['SCRIPT_FILENAME'], 0, $pos );
+		$script_filename = wp_unslash( $_SERVER['SCRIPT_FILENAME'] );
+		$pos = strripos( str_replace( '\\', '/', $script_filename ), trailingslashit( $wp_path_rel_to_home ) );
+		$home_path = substr( $script_filename, 0, $pos );
 		$home_path = trailingslashit( $home_path );
 	} else {
 		$home_path = ABSPATH;