Filter out %0A from paths

This commit is contained in:
Joas Schilling 2016-09-01 10:06:06 +02:00
parent e6c8c33b03
commit ed0f0db5fa
No known key found for this signature in database
GPG Key ID: E166FD8976B3BAC8
2 changed files with 8 additions and 2 deletions

View File

@ -1400,6 +1400,10 @@
return OC.linkTo('files', 'index.php')+"?dir="+ encodeURIComponent(dir).replace(/%2F/g, '/');
},
/**
* @param {string} path
* @returns {boolean}
*/
_isValidPath: function(path) {
var sections = path.split('/');
for (var i = 0; i < sections.length; i++) {
@ -1407,7 +1411,8 @@
return false;
}
}
return true;
return path.toLowerCase().indexOf(decodeURI('%0a')) === -1;
},
/**

View File

@ -1379,9 +1379,10 @@ describe('OCA.Files.FileList tests', function() {
'/abc/..',
'/abc/../',
'/../abc/',
'/foo%0Abar/',
'/another\\subdir/../foo\\../bar\\..\\file/..\\folder/../'
], function(path) {
fileList.changeDirectory(path);
fileList.changeDirectory(decodeURI(path));
expect(fileList.getCurrentDirectory()).toEqual('/');
});
});