fix security issue, don't allow to go back in the path

This commit is contained in:
Björn Schießle 2012-09-26 21:35:14 +02:00
parent a7292e897a
commit 9ab887fed5
1 changed files with 1 additions and 1 deletions

View File

@ -5,7 +5,7 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
$view = \OCP\Files::getStorage("files_external");
$cert = $_POST['cert'];
$cert = ltrim($_POST['cert'], "/.");
$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/'.$cert;
unlink($file);
OC_Mount_Config::createCertificateBundle();