diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2014-02-19 15:38:00 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2014-02-19 15:38:00 +0100 |
| commit | 2d5b3899a68adb496d6e20e93352395ba7b5dd2e (patch) | |
| tree | 0ce35223cdbd079b8197fb9d50fd1f6fe81261af /apps/files/js/files.js | |
| parent | 952584e9c782d196eb2bcd6df1e3ecdf21adcb55 (diff) | |
| download | nextcloud-server-2d5b3899a68adb496d6e20e93352395ba7b5dd2e.tar.gz nextcloud-server-2d5b3899a68adb496d6e20e93352395ba7b5dd2e.zip | |
Hardening: Remove dangerous characters + Subdirectory Check
If an user is able to create folders in /core/l10n/ he is able to execute arbitrary code. Therefore I've added an `issubdirectory` check and removed all potential dangerous characters from `$lang`.
Diffstat (limited to 'apps/files/js/files.js')
0 files changed, 0 insertions, 0 deletions