From: Thomas Tanghus
Date: Mon, 4 Jun 2012 11:38:11 +0000 (+0200)
Subject: Contacts: Make tmp file cleaup a bit safer.
X-Git-Tag: v4.5.0beta1~74^2~424^2~36
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3b9bf83fe7833c2cf8d1d9fc2f0f2a41b2a92ebc;p=nextcloud-server.git
Contacts: Make tmp file cleaup a bit safer.
---
diff --git a/apps/contacts/ajax/cleanupphoto.php b/apps/contacts/ajax/cleanupphoto.php
index 6fd2c351565..2bb4bd65846 100644
--- a/apps/contacts/ajax/cleanupphoto.php
+++ b/apps/contacts/ajax/cleanupphoto.php
@@ -17,9 +17,6 @@
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library. If not, see .
- *
- * TODO: Translatable strings.
- * Remember to delete tmp file at some point.
 */
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
@@ -30,7 +27,7 @@ $tmp_path = isset($_POST['tmp_path']) ? $_POST['tmp_path'] : '';
 // give some time to save the photo
 sleep(5);
-if($tmp_path != '' && file_exists($tmp_path)) {
+if($tmp_path != '' && file_exists($tmp_path) && !is_dir($tmp_path) && dirname($tmp_path)==get_temp_dir()) {
 unlink($tmp_path);
 OCP\JSON::success();
 exit();
@@ -38,4 +35,3 @@ if($tmp_path != '' && file_exists($tmp_path)) {
 error_log('Couldn\'t find: '.$tmp_path);
 OCP\JSON::error();
 }
-?>
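Review bot: The rewritten `if` condition in the second hunk still lets the client choose which file is unlinked: `$tmp_path` is read straight from `$_POST`, so any logged-in user can remove any regular file directly inside the temp directory that the web server user may delete, including files this request never created. The directory test is a plain string comparison with loose `==` and no canonicalisation, and it would never match if `get_temp_dir()` returns a trailing slash (its return format is not visible here, so worth confirming); a tighter form is `$real = realpath($tmp_path);` followed by `if($real !== false && is_file($real) && dirname($real) === realpath(get_temp_dir())) {`, then unlinking `$real`. A sturdier design keeps the temp file name server-side, for example in the session or a cache entry keyed by an opaque token, and accepts only that token from the client. The failure branch of this `if` lies outside the hunk; the following hunk shows it logging the raw `$tmp_path` as "Couldn't find", which is now misleading for paths that exist but were refused, and the client-supplied value should have control characters stripped before it is passed to `error_log()`.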