From 9622fbdf292298458427ac6a33d65aba8f07b395 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Thu, 26 Mar 2015 23:14:24 +0100
Subject: [PATCH] Filter potential dangerous characters in path name

We should not allow / or \ in the postfix here.
---
 lib/private/tempmanager.php | 5 +++++
 tests/lib/tempmanager.php | 13 +++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/lib/private/tempmanager.php b/lib/private/tempmanager.php
index 197c0233142..5ab1427c505 100644
--- a/lib/private/tempmanager.php
+++ b/lib/private/tempmanager.php
@@ -54,10 +54,15 @@ class TempManager implements ITempManager {
 $this->log = $logger;
 }
 
+ /**
+ * @param string $postFix
+ * @return string
+ */
 protected function generatePath($postFix) {
 if ($postFix) {
 $postFix = '.' . ltrim($postFix, '.');
 }
+ $postFix = str_replace(['\\', '/'], '', $postFix);
 return $this->tmpBaseDir . '/oc_tmp_' . md5(time() . rand()) . $postFix;
 }
 
diff --git a/tests/lib/tempmanager.php b/tests/lib/tempmanager.php
index 427e260c3fb..9bedd7c401b 100644
--- a/tests/lib/tempmanager.php
+++ b/tests/lib/tempmanager.php
@@ -151,4 +151,17 @@ class TempManager extends \Test\TestCase {
 ->with($this->stringContains('Can not create a temporary folder in directory'));
 $this->assertFalse($manager->getTemporaryFolder());
 }
+
+ public function testGeneratePathTraversal() {
+ $logger = $this->getMock('\Test\NullLogger');
+ $tmpManager = \Test_Helper::invokePrivate(
+ $this->getManager($logger),
+ 'generatePath',
+ ['../Traversal\\../FileName']
+ );
+
+ $this->assertStringEndsNotWith('./Traversal\\../FileName', $tmpManager);
+ $this->assertStringEndsWith('.Traversal..FileName', $tmpManager);
+
+ }
 }
-- 
2.39.5
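Review bot: The added `str_replace(['\\', '/'], '', $postFix)` in generatePath is a denylist, so any other byte a caller supplies (NUL or other control characters, `:` on Windows filesystems) still ends up in the temporary file name. An allowlist such as `$postFix = preg_replace('/[^A-Za-z0-9._-]/', '', $postFix);` would state the intended alphabet and fail closed. The new docblock could record the guarantee as well, for example `@param string $postFix suffix appended to the name; path separators are removed`. Separately, the unchanged `md5(time() . rand())` on the return line is not an unpredictable name source; whether that matters depends on how callers create the file, which is outside this hunk.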
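Review bot: testGeneratePathTraversal exercises a single postfix, so the interaction between the `ltrim` and the separator strip in generatePath is not covered for inputs that begin with a separator or consist only of separators. A data provider with a few such postfixes, each checked with `$this->assertStringStartsWith('oc_tmp_', basename($path));` and a check that no backslash remains, would pin that the result is always a single path component. The local `$tmpManager` holds the generated path rather than a manager, so a name like `$path` would read more clearly.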