authorBjörn Schießle <schiessle@owncloud.com>2012-10-05 11:15:32 +0200
committerBjörn Schießle <schiessle@owncloud.com>2012-10-05 11:15:32 +0200
commitf4136854b6e8ccf88e3e0de3ff1202845be8f903 (patch)
tree7fff9cb2fbb8fe6a91d62da615b172016ed541e1
parenta611ce4f3327fda869884415c76c3dd64345e2c2 (diff)
stripslashes doesn't work if the slash is the only character -> creating file in root dir leads to "//filename"
-rw-r--r--apps/files/ajax/newfile.php7
1 files changed, 3 insertions, 4 deletions
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index c2d65d718c5..77d866979c3 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -8,12 +8,11 @@ if(!OC_User::isLoggedIn()) {
}
session_write_close();
-
// Get the params
-$dir = isset( $_REQUEST['dir'] ) ? stripslashes($_REQUEST['dir']) : '';
-$filename = isset( $_REQUEST['filename'] ) ? stripslashes($_REQUEST['filename']) : '';
+$dir = isset( $_REQUEST['dir'] ) ? trim($_REQUEST['dir'], '/\\') : '';
+$filename = isset( $_REQUEST['filename'] ) ? trim($_REQUEST['filename'], '/\\') : '';
$content = isset( $_REQUEST['content'] ) ? $_REQUEST['content'] : '';
-$source = isset( $_REQUEST['source'] ) ? stripslashes($_REQUEST['source']) : '';
+$source = isset( $_REQUEST['source'] ) ? trim($_REQUEST['source'], '/\\') : '';
if($source) {
$eventSource=new OC_EventSource();
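Review bot: The new `trim($_REQUEST['filename'], '/\\')` on the `$filename` line only strips separators from the two ends, so a request-supplied name can still carry interior `/`, `\` or `..` segments into whatever path is built later; the same holds for `$dir`. Unless the filesystem layer normalises and confines the path (not visible in this hunk), the file name should be rejected rather than trimmed, e.g. `if($filename === '' || strpbrk($filename, '/\\') !== false) { /* refuse the request */ }`, with `$dir` checked for `..` segments. The same trim is applied to `$source`; if that value is a URL, as the EventSource branch suggests, stripping a trailing slash changes which resource is requested, so it is better left untouched and validated separately. The `if($source) {` block continues past the end of the hunk.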