prevent creating files with a / the name

author: Robin Appelman <icewind@owncloud.com> 2012-06-06 00:02:13 +0200
committer: Robin Appelman <icewind@owncloud.com> 2012-06-06 00:04:02 +0200
commit: 063c9accb6772001ade8bea1251cd0d9bd000e15 (patch)
tree: 44da8474f65f08d6e413bd5b17b482120014bfba /apps/files/ajax/newfolder.php
parent: 3a5076d6462376082d4b7f05cbdfb741f0479238 (diff)
download: nextcloud-server-063c9accb6772001ade8bea1251cd0d9bd000e15.tar.gz
nextcloud-server-063c9accb6772001ade8bea1251cd0d9bd000e15.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php
index 512e0e1f6d9..0668a6191f4 100644
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -13,6 +13,10 @@ if(trim($foldername) == '') {
 	OCP\JSON::error(array("data" => array( "message" => "Empty Foldername" )));
 	exit();
 }
+if(strpos($filename,'/')!==false){
+	OCP\JSON::error(array("data" => array( "message" => "Invalid Foldername" )));
+	exit();
+}
 
 if(OC_Files::newFile($dir, stripslashes($foldername), 'dir')) {
 	OCP\JSON::success(array("data" => array()));
author	Robin Appelman <icewind@owncloud.com>	2012-06-06 00:02:13 +0200
committer	Robin Appelman <icewind@owncloud.com>	2012-06-06 00:04:02 +0200
commit	063c9accb6772001ade8bea1251cd0d9bd000e15 (patch)
tree	44da8474f65f08d6e413bd5b17b482120014bfba /apps/files/ajax/newfolder.php
parent	3a5076d6462376082d4b7f05cbdfb741f0479238 (diff)
download	nextcloud-server-063c9accb6772001ade8bea1251cd0d9bd000e15.tar.gz nextcloud-server-063c9accb6772001ade8bea1251cd0d9bd000e15.zip