diff options
| author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-03-11 08:43:09 -0700 |
|---|---|---|
| committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-03-11 08:43:09 -0700 |
| commit | 769317702fa058dcf2542886819e6463fb6144dc (patch) | |
| tree | 347fb601fda06cabe27de439b5bf453fb0244abb | |
| parent | 1e20067c005a2363b06b8e163c95c75a32dea3b0 (diff) | |
| parent | 3ae70ab162c005a8931e757f29536e10d2d5fe7a (diff) | |
| download | nextcloud-server-769317702fa058dcf2542886819e6463fb6144dc.tar.gz nextcloud-server-769317702fa058dcf2542886819e6463fb6144dc.zip | |
Merge pull request #2236 from owncloud/fix-migration
Check if username is valid and remove slashes from filename
| -rw-r--r-- | lib/migrate.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/migrate.php b/lib/migrate.php index a0a329705a3..0b319177400 100644 --- a/lib/migrate.php +++ b/lib/migrate.php @@ -246,11 +246,20 @@ class OC_Migrate{ OC_Log::write( 'migration', 'User doesn\'t exist', OC_Log::ERROR ); return json_encode( array( 'success' => false ) ); } + + // Check if the username is valid + if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $json->exporteduser )) { + OC_Log::write( 'migration', 'Username is not valid', OC_Log::ERROR ); + return json_encode( array( 'success' => false ) ); + } + // Copy data $userfolder = $extractpath . $json->exporteduser; $newuserfolder = $datadir . '/' . self::$uid; foreach(scandir($userfolder) as $file){ if($file !== '.' && $file !== '..' && is_dir($file)) { + $file = str_replace(array('/', '\\'), '', $file); + // Then copy the folder over OC_Helper::copyr($userfolder.'/'.$file, $newuserfolder.'/'.$file); } |