authorRobin Appelman <icewind1991@gmail.com>2011-01-04 23:02:38 +0100
committerRobin Appelman <icewind1991@gmail.com>2011-01-04 23:02:38 +0100
commite0f6ad1c9cfb06fc6b1c47dc9f32a80382fb2114 (patch)
treee75f592a5a98df04c8ca7a965658061a6749ade8
parent56ec7303378fe93c4fe19466b48c0dc9b451cf45 (diff)
Also allow open_file.php to be called with a path parameter instead of only with separate dir/file
-rw-r--r--files/open_file.php14
1 files changed, 9 insertions, 5 deletions
diff --git a/files/open_file.php b/files/open_file.php
index b91f72aaf31..ed1a1e47b1a 100644
--- a/files/open_file.php
+++ b/files/open_file.php
@@ -24,12 +24,16 @@
require_once('../inc/lib_base.php');
-$file=$_GET['file'];
-$dir=(isset($_GET['dir']))?$_GET['dir']:'';
-if(strstr($file,'..') or strstr($dir,'..')){
- die();
+if(isset($_GET['path'])){
+ $filename=$_GET['path'];
+}else{
+ $file=$_GET['file'];
+ $dir=(isset($_GET['dir']))?$_GET['dir']:'';
+ $filename=$dir.'/'.$file;
+}
+if(strstr($filename,'..')){
+ die();
}
-$filename=$dir.'/'.$file;
$filename=stripslashes($filename);
$ftype=OC_FILESYSTEM::getMimeType($filename);
ob_end_clean();
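Review bot: The `..` check on `$filename` runs before `stripslashes($filename)`, so the string that is validated is not the string later passed to `OC_FILESYSTEM::getMimeType()`, and a value can pass the check yet contain `..` once the backslashes are removed. Normalise first and validate the result by moving `$filename=stripslashes($filename);` above `if(strstr($filename,'..')){`. The new `path` branch also takes a complete path straight from `$_GET`, so containment presumably relies on `OC_FILESYSTEM` rooting every path in the user's storage, which is not visible in this hunk and is worth confirming. In the else branch `$_GET['file']` is still read without an `isset()` guard. The script continues past the end of this hunk.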