nextcloud/apps
Lukas Reschke 2da43e3751
Do not allow directory traversal using "../"
We should not allow directory traversals using "../" here.

To test access the following URL once with and then without this patch:

http://localhost/server/index.php/apps/files/?dir=../../This+Should+Not+Be+Here
2016-07-01 13:33:00 +02:00
..
admin_audit don't try to log the currently logged in user, this fails on cronjobs. The users are logged anyway 2016-06-22 14:39:07 +02:00
comments Backport translations to stable9 2016-03-22 13:10:33 +01:00
dav Merge pull request #254 from nextcloud/fix-229-stable9 2016-06-30 17:43:46 +02:00
encryption fixed code 2016-06-20 18:50:56 +02:00
federatedfilesharing fixed code 2016-06-20 18:50:56 +02:00
federation fix references in the federation app 2016-06-20 15:02:58 +02:00
files Do not allow directory traversal using "../" 2016-07-01 13:33:00 +02:00
files_external [stable9] Backport WND 2016-06-30 15:36:03 +02:00
files_sharing Merge remote-tracking branch 'upstream/stable9' into stable9-upstream-sync 2016-06-26 12:48:19 +02:00
files_trashbin no need to mention ownCloud explicitely 2016-06-20 15:16:04 +02:00
files_versions check permissions before rollback 2016-06-30 14:22:40 +02:00
provisioning_api fixed code 2016-06-20 18:50:56 +02:00
systemtags Backport translations to stable9 2016-03-22 13:10:33 +01:00
testing Add new apps 2016-03-01 17:52:32 +01:00
updatenotification Revert "[stable9] Don't show the updater if updater is incompatible" 2016-06-26 17:33:05 +02:00
user_ldap Merge remote-tracking branch 'upstream/stable9' into stable9-upstream-sync 2016-06-26 12:48:19 +02:00