diff options
| author | Georg Ehrke <dev@georgswebsite.de> | 2012-04-26 17:55:00 +0200 |
|---|---|---|
| committer | Georg Ehrke <dev@georgswebsite.de> | 2012-04-26 17:55:00 +0200 |
| commit | 40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9 (patch) | |
| tree | af8aeba6f15770a2d07e9489dfc9490572b0d2e6 /apps/files/js | |
| parent | 0249a72caba9f1a4eeaf51f382a74fe61b66c284 (diff) | |
| download | nextcloud-server-40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9.tar.gz nextcloud-server-40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9.zip | |
fix security check for the path of the requested file
Diffstat (limited to 'apps/files/js')
| -rw-r--r-- | apps/files/js/fileactions.js | 2 | ||||
| -rw-r--r-- | apps/files/js/files.js | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js index fc6c99262ef..481802e0d63 100644 --- a/apps/files/js/fileactions.js +++ b/apps/files/js/fileactions.js @@ -135,7 +135,7 @@ $(document).ready(function(){ var downloadScope = 'file'; } FileActions.register(downloadScope,'Download',function(){return OC.imagePath('core','actions/download')},function(filename){ - window.location=OC.filePath('files', 'ajax', 'download.php?files='+encodeURIComponent(filename)+'&dir='+encodeURIComponent($('#dir').val())); + window.location=OC.filePath('files', 'ajax', 'download.php') + '?files='+encodeURIComponent(filename)+'&dir='+encodeURIComponent($('#dir').val()); }); }); diff --git a/apps/files/js/files.js b/apps/files/js/files.js index 4637d3cb64d..9d83e5e6d26 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -140,7 +140,7 @@ $(document).ready(function() { var dir=$('#dir').val()||'/'; $('#notification').text(t('files','generating ZIP-file, it may take some time.')); $('#notification').fadeIn(); - window.location=OC.filePath('files', 'ajax', 'download.php?files='+encodeURIComponent(files)+'&dir='+encodeURIComponent(dir)); + window.location=OC.filePath('files', 'ajax', 'download.php') + '?files='+encodeURIComponent(files)+'&dir='+encodeURIComponent(dir); return false; }); |