* Added the !== false bit to the strstr so that even if the first three

  characters are ../, this would register a hit properly.

src/right_main.php

@@ -81,7 +81,7 @@
    }
 
    // compensate for the UW vulnerability
-   if ($imap_server_type == 'uw' && (strstr($mailbox, '../') ||
+   if ($imap_server_type == 'uw' && (strstr($mailbox, '../') !== false ||
                                      substr($mailbox, 0, 1) == '/')) {
       $mailbox = 'INBOX';
    }