fix uploading files to folders with special characters in the name

2 files changed, 3 insertions, 5 deletions

diff --git a/files/upload.php b/files/upload.php
index 1190b466eac..e84cf8303db 100644..100755
--- a/files/upload.php
+++ b/files/upload.php
@@ -22,11 +22,9 @@
 */
 require_once('../inc/lib_base.php');
 
-// sleep(5); //immitate slow internet.
-
 $fileName=$_FILES['file']['name'];
 $source=$_FILES['file']['tmp_name'];
-$target=$_GET['dir'].'/'.$fileName;
+$target=stripslashes($_GET['dir']).'/'.$fileName;
 if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($_GET['dir'],'..')===false){
    if(OC_FILESYSTEM::fromTmpFile($source,$target)){
       echo 'true';
diff --git a/js/filebrowser.js b/js/filebrowser.js
index 1ad37ebcf3f..a12a7cd715c 100644
--- a/js/filebrowser.js
+++ b/js/filebrowser.js
@@ -310,7 +310,7 @@ OC_FILES.browser.show_callback=function(content){
 		OC_FILES.browser.files.show(null,content);
 	}
 	if(OC_FILES.uploadForm){
-		OC_FILES.uploadForm.setAttribute('action','files/upload.php?dir='+dir);
+		OC_FILES.uploadForm.setAttribute('action','files/upload.php?dir='+encodeURIComponent(dir));
 	}
 }
 
@@ -423,7 +423,7 @@ OC_FILES.browser.showuploader=function(dir,parent,max_upload){
 	var iframeId=OC_FILES.uploadIFrames.length
 	OC_FILES.uploadForm=document.createElement('form');
 	OC_FILES.uploadForm.setAttribute('target','uploadIFrame'+iframeId);
-	OC_FILES.uploadForm.setAttribute('action','files/upload.php?dir='+dir);
+	OC_FILES.uploadForm.setAttribute('action','files/upload.php?dir='+encodeURIComponent(dir));
 	OC_FILES.uploadForm.method='post';
 	OC_FILES.uploadForm.setAttribute('enctype','multipart/form-data');
 	OC_FILES.uploadIFrames[iframeId]=document.createElement('iframe');