From 3b9bf83fe7833c2cf8d1d9fc2f0f2a41b2a92ebc Mon Sep 17 00:00:00 2001
From: Thomas Tanghus
Date: Mon, 4 Jun 2012 13:38:11 +0200
Subject: [PATCH] Contacts: Make tmp file cleaup a bit safer.
---
 apps/contacts/ajax/cleanupphoto.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/apps/contacts/ajax/cleanupphoto.php b/apps/contacts/ajax/cleanupphoto.php
index 6fd2c351565..2bb4bd65846 100644
--- a/apps/contacts/ajax/cleanupphoto.php
+++ b/apps/contacts/ajax/cleanupphoto.php
@@ -17,9 +17,6 @@
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library. If not, see .
- *
- * TODO: Translatable strings.
- * Remember to delete tmp file at some point.
 */
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
@@ -30,7 +27,7 @@ $tmp_path = isset($_POST['tmp_path']) ? $_POST['tmp_path'] : '';
 // give some time to save the photo
 sleep(5);
-if($tmp_path != '' && file_exists($tmp_path)) {
+if($tmp_path != '' && file_exists($tmp_path) && !is_dir($tmp_path) && dirname($tmp_path)==get_temp_dir()) {
 unlink($tmp_path);
 OCP\JSON::success();
 exit();
@@ -38,4 +35,3 @@ if($tmp_path != '' && file_exists($tmp_path)) {
 error_log('Couldn\'t find: '.$tmp_path);
 OCP\JSON::error();
 }
-?>
--
2.39.5
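Review bot: The new condition on the `+if(...)` line limits deletion to files directly inside `get_temp_dir()`, but the path still comes straight from `$_POST['tmp_path']`, so any logged-in user can have the server unlink any file in that directory, not only the photo upload they created. If that directory also holds other temporary data (other users' uploads, or PHP's own temp files, depending on configuration), those become removable too. Consider unlinking a file name the server recorded itself (for example in the session) rather than a client-supplied path, or at least requiring the file-name pattern used for contact photo temp files. The check is also lexical and loosely compared: `dirname($tmp_path)==get_temp_dir()` rejects every request if `get_temp_dir()` returns a trailing slash or a differently spelled path, and a stricter form would read `if($tmp_path !== '' && is_file($tmp_path) && dirname($tmp_path) === get_temp_dir()) {`. A rejected path now falls into the `error_log('Couldn\'t find: '.$tmp_path)` branch, which writes the raw posted value to the log under a misleading message; the lines between the first and second hunk are not shown, so any request-forgery check there cannot be confirmed from this patch.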