diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2014-01-10 16:14:37 +0100 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2014-02-18 17:54:32 +0100 |
| commit | 797e0a614cc44e627a54dfd39ce4047d176ebd9b (patch) | |
| tree | fd0ed9c7d0d181a31da0f842414f3ed5ec5b9ea9 /apps/files/ajax/newfolder.php | |
| parent | a573fe7d769f5eea26f52b818eee11779090bb50 (diff) | |
| download | nextcloud-server-797e0a614cc44e627a54dfd39ce4047d176ebd9b.tar.gz nextcloud-server-797e0a614cc44e627a54dfd39ce4047d176ebd9b.zip | |
Added extra checks for invalid file chars in newfile.php and newfolder.php
- added PHP utility function to check for file name validity
- fixes issue where a user can create a file called ".." from the files UI
- added extra checks to make sure newfile.php and newfolder.php also
check for invalid characters
Diffstat (limited to 'apps/files/ajax/newfolder.php')
| -rw-r--r-- | apps/files/ajax/newfolder.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php index 4cfcae3090d..b2b4fb27f74 100644 --- a/apps/files/ajax/newfolder.php +++ b/apps/files/ajax/newfolder.php @@ -23,8 +23,8 @@ if(trim($foldername) === '') { exit(); } -if(strpos($foldername, '/') !== false) { - $result['data'] = array('message' => $l10n->t('Folder name must not contain "/". Please choose a different name.')); +if(!OCP\Util::isValidFileName($foldername)) { + $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); OCP\JSON::error($result); exit(); } |