prevent creating files with a / the name

Robin Appelman 2012-06-06 00:02:13 +02:00
parent 3ce6344d40
commit e6c4e53486
3 changed files with 13 additions and 0 deletions


@ -15,6 +15,10 @@ if($filename == '') {
OCP\JSON::error(array("data" => array( "message" => "Empty Filename" ))); OCP\JSON::error(array("data" => array( "message" => "Empty Filename" )));
exit(); exit();
} }
if(strpos($filename,'/')!==false){
OCP\JSON::error(array("data" => array( "message" => "Invalid Filename" )));
exit();
}
if($source){ if($source){
if(substr($source,0,8)!='https://' and substr($source,0,7)!='http://'){ if(substr($source,0,8)!='https://' and substr($source,0,7)!='http://'){
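Review bot: The new guard on `$filename` rejects only a forward slash, so the names `.` and `..` and names containing a backslash still reach the file-creation code further down. How `$dir` and `$filename` are joined is outside this hunk, so the impact cannot be judged from here, but rejecting the dot names in the same place is cheap: `if(strpos($filename,'/')!==false || $filename=='.' || $filename=='..'){`. The same rule is repeated in the folder endpoint, so a shared validation helper called from both would keep the two checks from drifting apart.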


@ -13,6 +13,10 @@ if(trim($foldername) == '') {
OCP\JSON::error(array("data" => array( "message" => "Empty Foldername" ))); OCP\JSON::error(array("data" => array( "message" => "Empty Foldername" )));
exit(); exit();
} }
if(strpos($filename,'/')!==false){
OCP\JSON::error(array("data" => array( "message" => "Invalid Foldername" )));
exit();
}
if(OC_Files::newFile($dir, stripslashes($foldername), 'dir')) { if(OC_Files::newFile($dir, stripslashes($foldername), 'dir')) {
OCP\JSON::success(array("data" => array())); OCP\JSON::success(array("data" => array()));
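Review bot: The added check in the folder endpoint tests `$filename`, while every other line in this hunk works with `$foldername`. Unless `$filename` is defined earlier in the file (not visible here), `strpos()` never finds a slash and the guard is a no-op. A folder name containing `/` would then still be passed to `OC_Files::newFile()`. The condition should read `if(strpos($foldername,'/')!==false){`.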


@ -452,6 +452,11 @@ $(document).ready(function() {
input.focus(); input.focus();
input.change(function(){ input.change(function(){
var name=$(this).val(); var name=$(this).val();
if(name.indexOf('/')!=-1){
$('#notification').text(t('files','Invalid name, \'/\' is not allowed.'));
$('#notification').fadeIn();
return;
}
switch(type){ switch(type){
case 'file': case 'file':
$.post( $.post(
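Review bot: This check in the `input.change` handler runs only in the browser, so it is a usability hint and not the enforcement point; a request sent directly to the endpoints skips it. A short comment would make that explicit, for example `// UX only: the server-side handlers must reject '/' as well`. As a style point, `name.indexOf('/')!==-1` avoids the loose comparison. The handler starts before this hunk and continues after it.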