Also prevent null byte character

author: Joas Schilling <coding@schilljs.com> 2016-09-01 12:24:14 +0200
committer: Joas Schilling <coding@schilljs.com> 2016-09-01 12:24:14 +0200
commit: 6c81c65eea4d77ab92d684894b2b48fc36528267 (patch)
tree: 925bdf65d293152f0b57469c617e6300f2bdb4fa /apps/files
parent: 26c03524e700f1938a85723ab63deaf259021327 (diff)
download: nextcloud-server-6c81c65eea4d77ab92d684894b2b48fc36528267.tar.gz
nextcloud-server-6c81c65eea4d77ab92d684894b2b48fc36528267.zip
2 files changed, 3 insertions, 1 deletions
diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index 52486df91c9..cfaeca1a06b 100644
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -1419,7 +1419,8 @@
 				}
 			}
 
-			return path.toLowerCase().indexOf(decodeURI('%0a')) === -1;
+			return path.toLowerCase().indexOf(decodeURI('%0a')) === -1 &&
+				path.toLowerCase().indexOf(decodeURI('%00')) === -1;
 		},
 
 		/**
diff --git a/apps/files/tests/js/filelistSpec.js b/apps/files/tests/js/filelistSpec.js
index 9180b032301..304f8438a59 100644
--- a/apps/files/tests/js/filelistSpec.js
+++ b/apps/files/tests/js/filelistSpec.js
@@ -1402,6 +1402,7 @@ describe('OCA.Files.FileList tests', function() {
 				'/abc/../',
 				'/../abc/',
 				'/foo%0Abar/',
+				'/foo%00bar/',
 				'/another\\subdir/../foo\\../bar\\..\\file/..\\folder/../'
 			], function(path) {
 				fileList.changeDirectory(decodeURI(path));
author	Joas Schilling <coding@schilljs.com>	2016-09-01 12:24:14 +0200
committer	Joas Schilling <coding@schilljs.com>	2016-09-01 12:24:14 +0200
commit	6c81c65eea4d77ab92d684894b2b48fc36528267 (patch)
tree	925bdf65d293152f0b57469c617e6300f2bdb4fa /apps/files
parent	26c03524e700f1938a85723ab63deaf259021327 (diff)
download	nextcloud-server-6c81c65eea4d77ab92d684894b2b48fc36528267.tar.gz nextcloud-server-6c81c65eea4d77ab92d684894b2b48fc36528267.zip