diff options
| author | Georg Ehrke <dev@georgswebsite.de> | 2012-05-07 13:20:43 +0200 |
|---|---|---|
| committer | Georg Ehrke <dev@georgswebsite.de> | 2012-05-07 13:23:55 +0200 |
| commit | d032345191c57294d5723639f777692c85bd2b1a (patch) | |
| tree | db8e171a698fc96d9d21be2457612f9832d1b2c5 | |
| parent | 8534373f2fea5268112fb7dee0faa2caf1106d05 (diff) | |
| download | nextcloud-server-d032345191c57294d5723639f777692c85bd2b1a.tar.gz nextcloud-server-d032345191c57294d5723639f777692c85bd2b1a.zip | |
fix validation of getfile parameter - i hate this bloody merge conflicts
| -rw-r--r-- | lib/base.php | 4 | ||||
| -rw-r--r-- | lib/helper.php | 6 |
2 files changed, 4 insertions, 6 deletions
diff --git a/lib/base.php b/lib/base.php index 40df2b0c56c..14f2439ecbd 100644 --- a/lib/base.php +++ b/lib/base.php @@ -443,8 +443,8 @@ class OC{ $_GET['getfile'] = $file; } if(!is_null(self::$REQUESTEDFILE)){ - $subdir = OC::$APPSROOT . '/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE; - $parent = OC::$APPSROOT . '/' . self::$REQUESTEDAPP; + $subdir = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE; + $parent = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP; if(!OC_Helper::issubdirectory($subdir, $parent)){ self::$REQUESTEDFILE = null; header('HTTP/1.0 404 Not Found'); diff --git a/lib/helper.php b/lib/helper.php index 2ddd5e7b778..5422d88398d 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -576,14 +576,12 @@ class OC_Helper { return true; } } - /* - echo 'SUB: ' . $sub . "\n"; + /*echo 'SUB: ' . $sub . "\n"; echo 'PAR: ' . $parent . "\n"; echo 'REALSUB: ' . $realpath_sub . "\n"; echo 'REALPAR: ' . $realpath_parent . "\n"; echo substr($realpath_sub, 0, strlen($realpath_parent)); - exit; - */ + exit;*/ return false; } } |