From 626e87aa542adaee123c7c4104411238b43b3333 Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Sun, 9 Feb 2014 15:56:26 +0100
Subject: [PATCH] Output validation for exec() method.

---
 lib/private/largefilehelper.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/private/largefilehelper.php b/lib/private/largefilehelper.php
index ca8f752217..751e60de53 100644
--- a/lib/private/largefilehelper.php
+++ b/lib/private/largefilehelper.php
@@ -92,10 +92,15 @@ class LargeFileHelper {
 public function getFilesizeViaExec($filename) {
 if (\OC_Helper::is_function_enabled('exec')) {
 $os = strtolower(php_uname('s'));
+ $result = '';
 if (strpos($os, 'linux') !== false) {
- return 0 + exec('stat -c %s ' . escapeshellarg($filename));
+ $result = trim(exec('stat -c %s ' . escapeshellarg($filename)));
 } else if (strpos($os, 'bsd') !== false) {
- return 0 + exec('stat -f %z ' . escapeshellarg($filename));
+ $result = trim(exec('stat -f %z ' . escapeshellarg($filename)));
+ }
+
+ if (ctype_digit($result)) {
+ return 0 + $result;
 }
 }
 return null;
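Review bot: Both `stat` invocations still place the escaped filename directly after the format argument, so a `$filename` that begins with `-` would be parsed by `stat` as an option rather than a path; `escapeshellarg()` quotes the value but does not prevent that. Whether callers always pass an absolute path is not visible in this hunk, so I would end option parsing explicitly: `exec('stat -c %s -- ' . escapeshellarg($filename))` and `exec('stat -f %z -- ' . escapeshellarg($filename))`. The new `ctype_digit()` check remains the guard against non-numeric output, and the method's docblock should state that `null` is also returned when `stat` prints anything other than digits. The closing brace of `getFilesizeViaExec()` lies outside the hunk.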