diff --git a/app/edit/file_read.php b/app/edit/file_read.php
index 48e40b4a6e..f9b82139b8 100644
--- a/app/edit/file_read.php
+++ b/app/edit/file_read.php
@@ -38,18 +38,83 @@
 exit;
 }
-//get the file name
+//get the directory
+ if (!isset($_SESSION)) { session_start(); }
+ switch ($_SESSION["app"]["edit"]["dir"]) {
+ case 'scripts':
+ $edit_directory = $_SESSION['switch']['scripts']['dir'];
+ break;
+ case 'php':
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH;
+ break;
+ case 'grammer':
+ $edit_directory = $_SESSION['switch']['grammar']['dir'];
+ break;
+ case 'provision':
+ switch (PHP_OS) {
+ case "Linux":
+ if (file_exists('/etc/fusionpbx/resources/templates/provision')) {
+ $edit_directory = '/etc/fusionpbx/resources/templates/provision';
+ }
+ else {
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+ }
+ break;
+ case "FreeBSD":
+ if (file_exists('/usr/local/etc/fusionpbx/resources/templates/provision')) {
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+ }
+ else {
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+ }
+ break;
+ case "NetBSD":
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+ break;
+ case "OpenBSD":
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+ break;
+ default:
+ $edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
+ }
+ break;
+ case 'xml':
+ $edit_directory = $_SESSION['switch']['conf']['dir'];
+ break;
+ }
+ if (!isset($edit_directory)) {
+ foreach ($_SESSION['editor']['path'] as $path) {
+ if ($_SESSION["app"]["edit"]["dir"] == $path) {
+ $edit_directory = $path;
+ break;
+ }
+ }
+ }
+
+//set the file variable
 $file_name = $_POST["file"];
+
+//remove attempts to change the directory
+ $file_name = str_replace('..', '', $file_name);
 $file_name = str_replace ("\\", "/", $file_name);
-//get the contents of the file
- $handle = fopen($file_name, "r");
- if ($handle) {
- while (!feof($handle)) {
- $buffer = fgets($handle, 4096);
- echo $buffer;
+//break the path into an array
+ $path_array = pathinfo($file_name);
+ $path_prefix = substr($path_array['dirname'], 0, strlen($edit_directory));
+
+//validate the path
+ if ($path_prefix == $edit_directory) {
+
+ //get the contents of the file
+ $handle = fopen($file_name, "r");
+ if ($handle) {
+ while (!feof($handle)) {
+ $buffer = fgets($handle, 4096);
+ echo $buffer;
+ }
+ fclose($handle);
 }
- fclose($handle);
+ }
 ?>
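Review bot: The path check `if ($path_prefix == $edit_directory)` near the end of the hunk passes for any file when `$edit_directory` was never assigned: neither the `switch` cases nor the `foreach` fallback guarantee it is set, `strlen()` of an unset variable is 0, `substr(..., 0, 0)` yields an empty string (or `false` on older PHP), and the loose `==` against `null` is then true, so the read is unrestricted precisely when the directory could not be determined. The prefix also has no separator boundary and is computed on the unresolved `$file_name`, so a sibling directory whose name merely starts with `$edit_directory` passes, while the 'provision' branches that append a trailing slash can never equal `pathinfo()`'s dirname (which has no trailing slash), so files directly in that directory are rejected. I would fail closed on canonical paths: `$real_dir = isset($edit_directory) ? realpath($edit_directory) : false;` `$real_file = realpath($file_name);` `if ($real_dir !== false && $real_file !== false && strncmp($real_file, $real_dir.'/', strlen($real_dir) + 1) === 0) {`. Separately, the `case "FreeBSD":` branch assigns the same DOCUMENT_ROOT path in both arms, so the `file_exists('/usr/local/etc/...')` probe has no effect; the `if` arm presumably meant the `/usr/local/etc/fusionpbx` path it tests for. The `exit;` / `}` context at the top of the hunk closes a permission check that begins before it.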