From aa9ffd119aea9a2cb527a0ac662fcdaad464fc68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Schie=C3=9Fle?= Date: Thu, 27 Sep 2012 12:37:23 +0200 Subject: [PATCH] check if file really exist before add/remove it --- apps/files_external/ajax/addRootCertificate.php | 5 +++++ apps/files_external/ajax/removeRootCertificate.php | 11 +++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/files_external/ajax/addRootCertificate.php b/apps/files_external/ajax/addRootCertificate.php index 42927b8606..e0a0239c95 100644 --- a/apps/files_external/ajax/addRootCertificate.php +++ b/apps/files_external/ajax/addRootCertificate.php @@ -2,6 +2,11 @@ OCP\JSON::checkAppEnabled('files_external'); +if ( !($filename = $_FILES['rootcert_import']['name']) ) { + header("Location: settings/personal.php"); + exit; +} + $fh = fopen($_FILES['rootcert_import']['tmp_name'], 'r'); $data = fread($fh, filesize($_FILES['rootcert_import']['tmp_name'])); fclose($fh); diff --git a/apps/files_external/ajax/removeRootCertificate.php b/apps/files_external/ajax/removeRootCertificate.php index 8c196eddf5..6871b0fd1d 100644 --- a/apps/files_external/ajax/removeRootCertificate.php +++ b/apps/files_external/ajax/removeRootCertificate.php @@ -5,7 +5,10 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::callCheck(); $view = \OCP\Files::getStorage("files_external"); -$cert = ltrim($_POST['cert'], "/\\."); -$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/'.$cert; -unlink($file); -OC_Mount_Config::createCertificateBundle(); +$file = 'uploads/'.ltrim($_POST['cert'], "/\\."); + +if ( $view->file_exists($file) ) { + $view->unlink($file); + OC_Mount_Config::createCertificateBundle(); +} +