mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix validation of getfile parameter - i hate this bloody merge conflicts

This commit is contained in:
Georg Ehrke 2012-05-07 13:20:43 +02:00
parent 8534373f2f
commit d032345191
2 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/base.php
View File

@ -443,8 +443,8 @@ class OC{
$_GET['getfile'] = $file;
}
if(!is_null(self::$REQUESTEDFILE)){
$subdir = OC::$APPSROOT . '/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE;
$parent = OC::$APPSROOT . '/' . self::$REQUESTEDAPP;
$subdir = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE;
$parent = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP;
if(!OC_Helper::issubdirectory($subdir, $parent)){
self::$REQUESTEDFILE = null;
header('HTTP/1.0 404 Not Found');

6
lib/helper.php
View File

@ -576,14 +576,12 @@ class OC_Helper {
return true;
}
}
/*
echo 'SUB: ' . $sub . "\n";
/*echo 'SUB: ' . $sub . "\n";
echo 'PAR: ' . $parent . "\n";
echo 'REALSUB: ' . $realpath_sub . "\n";
echo 'REALPAR: ' . $realpath_parent . "\n";
echo substr($realpath_sub, 0, strlen($realpath_parent));
exit;
*/
exit;*/
return false;
}
}