author | Thomas Tanghus <thomas@tanghus.net> | 2012-06-04 13:38:11 +0200 |
---|---|---|
committer | Thomas Tanghus <thomas@tanghus.net> | 2012-06-04 13:38:37 +0200 |
commit | 3b9bf83fe7833c2cf8d1d9fc2f0f2a41b2a92ebc (patch) | |
tree | 90976601110558984538da237b2926e160b1ca32 | |
parent | 782d82730a3641599edec8d0b70f96c5f37ee49c (diff) | |
Contacts: Make tmp file cleaup a bit safer.
-rw-r--r-- | apps/contacts/ajax/cleanupphoto.php | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/apps/contacts/ajax/cleanupphoto.php b/apps/contacts/ajax/cleanupphoto.php
index 6fd2c351565..2bb4bd65846 100644
--- a/apps/contacts/ajax/cleanupphoto.php
+++ b/apps/contacts/ajax/cleanupphoto.php
@@ -17,9 +17,6 @@
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library. If not, see <http://www.gnu.org/licenses/>.
- *
- * TODO: Translatable strings.
- * Remember to delete tmp file at some point.
 */
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
@@ -30,7 +27,7 @@ $tmp_path = isset($_POST['tmp_path']) ? $_POST['tmp_path'] : '';
 // give some time to save the photo
 sleep(5);
-if($tmp_path != '' && file_exists($tmp_path)) {
+if($tmp_path != '' && file_exists($tmp_path) && !is_dir($tmp_path) && dirname($tmp_path)==get_temp_dir()) {
 unlink($tmp_path);
 OCP\JSON::success();
 exit();
@@ -38,4 +35,3 @@ if($tmp_path != '' && file_exists($tmp_path)) {
 error_log('Couldn\'t find: '.$tmp_path);
 OCP\JSON::error();
 }
-?>
|
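Review bot: The rewritten `if` in the second hunk limits `unlink()` to files directly inside `get_temp_dir()`, but `$tmp_path` is still taken verbatim from `$_POST` and nothing ties it to the photo this user uploaded, so any logged-in account can have the script delete any file in that directory that the web server is allowed to remove. If the temp directory also holds other data (other users' uploads, or session files on some configurations), the check is too wide; remembering the temp file name server-side when it is created and ignoring the posted path, or at least requiring the name pattern the upload code uses, would close that gap. The comparison is also purely textual and loose: a trailing slash in what `get_temp_dir()` returns would make it fail for every request, so a strict, normalised form such as `is_file($tmp_path) && rtrim(dirname($tmp_path), '/') === rtrim(get_temp_dir(), '/')` is more robust. The `else` branch of this `if` lies in the third hunk and now also handles rejected paths, yet it still logs `Couldn't find:` with the raw posted value; a distinct message with control characters stripped would keep the log accurate.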