diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2014-02-20 13:52:53 +0100 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2014-02-20 13:52:53 +0100 |
| commit | 31bab5584784f7f157b46be761b4344d25d11031 (patch) | |
| tree | 044b531dac012e4694133f2c269456070c0302b2 /apps/files/ajax/newfile.php | |
| parent | 8cf73ca42fd3e2d362a75e11a0f3ac1ae0ab3a34 (diff) | |
| parent | 742f54b6d556797bbef2847e546861de0008a28a (diff) | |
| download | nextcloud-server-31bab5584784f7f157b46be761b4344d25d11031.tar.gz nextcloud-server-31bab5584784f7f157b46be761b4344d25d11031.zip | |
Merge branch 'master' into no-css-js-delivery-via-php
Diffstat (limited to 'apps/files/ajax/newfile.php')
| -rw-r--r-- | apps/files/ajax/newfile.php | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php index 1853098c507..0187b200759 100644 --- a/apps/files/ajax/newfile.php +++ b/apps/files/ajax/newfile.php @@ -50,16 +50,22 @@ $l10n = \OC_L10n::get('files'); $result = array( 'success' => false, 'data' => NULL - ); +); +$trimmedFileName = trim($filename); -if(trim($filename) === '') { +if($trimmedFileName === '') { $result['data'] = array('message' => (string)$l10n->t('File name cannot be empty.')); OCP\JSON::error($result); exit(); } +if($trimmedFileName === '.' || $trimmedFileName === '..') { + $result['data'] = array('message' => (string)$l10n->t('"%s" is an invalid file name.', $trimmedFileName)); + OCP\JSON::error($result); + exit(); +} -if(strpos($filename, '/') !== false) { - $result['data'] = array('message' => (string)$l10n->t('File name must not contain "/". Please choose a different name.')); +if(!OCP\Util::isValidFileName($filename)) { + $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); OCP\JSON::error($result); exit(); } |