Check for blacklisted characters

Fixes https://github.com/owncloud/core/issues/11264

(This should in future get moved to the mountpoint class - but that is something for @icewind1991 ;-))

diff --git a/apps/files_sharing/ajax/external.php b/apps/files_sharing/ajax/external.php
index 544a97e80be131c43899d49b975074a72b2b7cba..6d68b5f7f82f91e11d57493f2f2862bbd1581c43 100644 (file)
--- a/apps/files_sharing/ajax/external.php
+++ b/apps/files_sharing/ajax/external.php
@@ -24,6 +24,12 @@ $owner = $_POST['owner'];
 $name = $_POST['name'];
 $password = $_POST['password'];
 
+// Check for invalid name
+if(!\OCP\Util::isValidFileName($name)) {
+       \OCP\JSON::error(array('data' => array('message' => $l->t('The mountpoint name contains invalid characters.'))));
+       exit();
+}
+
 $externalManager = new \OCA\Files_Sharing\External\Manager(
        \OC::$server->getDatabaseConnection(),
        \OC\Files\Filesystem::getMountManager(),