diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2014-02-20 11:53:58 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2014-02-20 11:53:58 +0100 |
| commit | 719f1111b636a854d22e8d8a5423629eeb07dc75 (patch) | |
| tree | 615036d16a34090b4c9d4dbee439b90018d83d69 /apps/files/ajax | |
| parent | 8114843973d62b33bb9611634b28f220b5b59e2b (diff) | |
| parent | bd71a1b7b66f02b3630da44e24b48e29f3d02f17 (diff) | |
| download | nextcloud-server-719f1111b636a854d22e8d8a5423629eeb07dc75.tar.gz nextcloud-server-719f1111b636a854d22e8d8a5423629eeb07dc75.zip | |
Merge pull request #6714 from owncloud/files-newfileinvalidcharsfix
Added extra checks for invalid file chars in newfile.php and newfolder.php
Diffstat (limited to 'apps/files/ajax')
| -rw-r--r-- | apps/files/ajax/newfile.php | 14 | ||||
| -rw-r--r-- | apps/files/ajax/newfolder.php | 4 |
2 files changed, 12 insertions, 6 deletions
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php index 1853098c507..0187b200759 100644 --- a/apps/files/ajax/newfile.php +++ b/apps/files/ajax/newfile.php @@ -50,16 +50,22 @@ $l10n = \OC_L10n::get('files'); $result = array( 'success' => false, 'data' => NULL - ); +); +$trimmedFileName = trim($filename); -if(trim($filename) === '') { +if($trimmedFileName === '') { $result['data'] = array('message' => (string)$l10n->t('File name cannot be empty.')); OCP\JSON::error($result); exit(); } +if($trimmedFileName === '.' || $trimmedFileName === '..') { + $result['data'] = array('message' => (string)$l10n->t('"%s" is an invalid file name.', $trimmedFileName)); + OCP\JSON::error($result); + exit(); +} -if(strpos($filename, '/') !== false) { - $result['data'] = array('message' => (string)$l10n->t('File name must not contain "/". Please choose a different name.')); +if(!OCP\Util::isValidFileName($filename)) { + $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); OCP\JSON::error($result); exit(); } diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php index 4cfcae3090d..b2b4fb27f74 100644 --- a/apps/files/ajax/newfolder.php +++ b/apps/files/ajax/newfolder.php @@ -23,8 +23,8 @@ if(trim($foldername) === '') { exit(); } -if(strpos($foldername, '/') !== false) { - $result['data'] = array('message' => $l10n->t('Folder name must not contain "/". Please choose a different name.')); +if(!OCP\Util::isValidFileName($foldername)) { + $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); OCP\JSON::error($result); exit(); } |