Filter potential dangerous characters in path name
authorLukas Reschke <lukas@owncloud.com>
Thu, 26 Mar 2015 22:14:24 +0000 (23:14 +0100)
committerLukas Reschke <lukas@owncloud.com>
Thu, 26 Mar 2015 22:17:18 +0000 (23:17 +0100)
We should not allow / or \ in the postfix here.

lib/private/tempmanager.php
tests/lib/tempmanager.php

index 197c023314242e25cdb0204d9ac782be85f4f5f8..5ab1427c5054d207e25abd30e3cd588bd064ca83 100644 (file)
@@ -54,10 +54,15 @@ class TempManager implements ITempManager {
                $this->log = $logger;
        }
 
+       /**
+        * @param string $postFix
+        * @return string
+        */
        protected function generatePath($postFix) {
                if ($postFix) {
                        $postFix = '.' . ltrim($postFix, '.');
                }
+               $postFix = str_replace(['\\', '/'], '', $postFix);
                return $this->tmpBaseDir . '/oc_tmp_' . md5(time() . rand()) . $postFix;
        }
 
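Review bot: The added `str_replace(['\\', '/'], '', $postFix)` line in generatePath() is a denylist of two separators, so every other byte of the postfix (NUL, control characters, `:` on Windows) still reaches the returned path. If any caller passes a postfix derived from user input, which is not visible in this hunk, an allowlist is easier to reason about, e.g. `$postFix = preg_replace('/[^A-Za-z0-9._-]/', '', $postFix);`, at the cost of dropping non-ASCII extensions. The new docblock carries only the type tags; it should say that separators are stripped from `$postFix` and that the result is a path directly inside `$this->tmpBaseDir`. Separately, the unchanged `md5(time() . rand())` name is not drawn from a CSPRNG, so the callers outside this hunk that create the file should use exclusive creation rather than rely on the name being unguessable.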
index 427e260c3fbad95ce04e444933221fd750a139e3..9bedd7c401b0b79187fa60179e1d0d8ad1c65706 100644 (file)
@@ -151,4 +151,17 @@ class TempManager extends \Test\TestCase {
                        ->with($this->stringContains('Can not create a temporary folder in directory'));
                $this->assertFalse($manager->getTemporaryFolder());
        }
+
+       public function testGeneratePathTraversal() {
+               $logger = $this->getMock('\Test\NullLogger');
+               $tmpManager = \Test_Helper::invokePrivate(
+                       $this->getManager($logger),
+                       'generatePath',
+                       ['../Traversal\\../FileName']
+               );
+
+               $this->assertStringEndsNotWith('./Traversal\\../FileName', $tmpManager);
+               $this->assertStringEndsWith('.Traversal..FileName', $tmpManager);
+
+       }
 }
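Review bot: testGeneratePathTraversal() covers a single input, so the empty, separator-only and leading-separator postfixes are untested, and its `assertStringEndsNotWith` is already implied by the `assertStringEndsWith` that follows it. A data provider over those inputs with one assertion on the whole generated name would pin the property directly, e.g. `$this->assertNotRegExp('#oc_tmp_.*[/\\\\]#', $path);`. The local `$tmpManager` holds the generated path, not a manager, so `$path` would read better. The blank line before the method's closing brace can be dropped.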