From e0f6ad1c9cfb06fc6b1c47dc9f32a80382fb2114 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind1991@gmail.com>
Date: Tue, 4 Jan 2011 23:02:38 +0100
Subject: [PATCH] Also allow open_file.php to be called with a path paramater
 instead of only with seperate dir/file

---
 files/open_file.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/files/open_file.php b/files/open_file.php
index b91f72aaf3..ed1a1e47b1 100644
--- a/files/open_file.php
+++ b/files/open_file.php
@@ -24,12 +24,16 @@
 
 require_once('../inc/lib_base.php');
 
-$file=$_GET['file'];
-$dir=(isset($_GET['dir']))?$_GET['dir']:'';
-if(strstr($file,'..') or strstr($dir,'..')){
-    die();
+if(isset($_GET['path'])){
+	$filename=$_GET['path'];
+}else{
+	$file=$_GET['file'];
+	$dir=(isset($_GET['dir']))?$_GET['dir']:'';
+	$filename=$dir.'/'.$file;
+}
+if(strstr($filename,'..')){
+	die();
 }
-$filename=$dir.'/'.$file;
 $filename=stripslashes($filename);
 $ftype=OC_FILESYSTEM::getMimeType($filename);
 ob_end_clean();