]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1e20067)
Check if username is valid and remove slashes from filename
authorLukas Reschke <lukas@statuscode.ch>
Mon, 11 Mar 2013 15:21:26 +0000 (16:21 +0100)
committerLukas Reschke <lukas@statuscode.ch>
Mon, 11 Mar 2013 15:21:26 +0000 (16:21 +0100)
lib/migrate.php patch | blob | history

diff --git a/lib/migrate.php b/lib/migrate.php
index a0a329705a396a323973818d2c3bbba8e5465d95..0b319177400943bdc0b3808ac4e08fa7e7fc8036 100644 (file)
--- a/lib/migrate.php
+++ b/lib/migrate.php
@@ -246,11 +246,20 @@ class OC_Migrate{
                                        OC_Log::write( 'migration', 'User doesn\'t exist', OC_Log::ERROR );
                                        return json_encode( array( 'success' => false ) );
                                }
+
+                               // Check if the username is valid
+                               if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $json->exporteduser )) {
+                                       OC_Log::write( 'migration', 'Username is not valid', OC_Log::ERROR );
+                                       return json_encode( array( 'success' => false ) );
+                               }
+
                                // Copy data
                                $userfolder = $extractpath . $json->exporteduser;
                                $newuserfolder = $datadir . '/' . self::$uid;
                                foreach(scandir($userfolder) as $file){
                                        if($file !== '.' && $file !== '..' && is_dir($file)) {
+                                               $file = str_replace(array('/', '\\'), '',  $file);
+
                                                // Then copy the folder over
                                                OC_Helper::copyr($userfolder.'/'.$file, $newuserfolder.'/'.$file);
                                        }
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server