fix validation of getfile parameter - i hate this bloody merge conflicts

diff --git a/lib/base.php b/lib/base.php
index 40df2b0c56cb3765249dc2002b90755a6fc44051..14f2439ecbd199ab8f65d05944f9f489fd320adc 100644 (file)
--- a/lib/base.php
+++ b/lib/base.php
@@ -443,8 +443,8 @@ class OC{
                        $_GET['getfile'] = $file;
                }
                if(!is_null(self::$REQUESTEDFILE)){
-                       $subdir = OC::$APPSROOT . '/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE;
-                       $parent = OC::$APPSROOT . '/' . self::$REQUESTEDAPP;
+                       $subdir = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE;
+                       $parent = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP;
                        if(!OC_Helper::issubdirectory($subdir, $parent)){
                                self::$REQUESTEDFILE = null;
                                header('HTTP/1.0 404 Not Found');

diff --git a/lib/helper.php b/lib/helper.php
index 2ddd5e7b7787dd5cbe78fb12212863a961652802..5422d88398d76974386df160fe0e7c94881ab00c 100644 (file)
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -576,14 +576,12 @@ class OC_Helper {
                                return true;
                        }
                }
-               /*
-               echo 'SUB: ' . $sub . "\n";
+               /*echo 'SUB: ' . $sub . "\n";
                echo 'PAR: ' . $parent . "\n";
                echo 'REALSUB: ' . $realpath_sub . "\n";
                echo 'REALPAR: ' . $realpath_parent . "\n";
                echo substr($realpath_sub, 0, strlen($realpath_parent));
-               exit;
-               */
+               exit;*/
                return false;
        }
 }