Prevent special characters from breaking the file drop remote url

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
author: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com> 2018-12-18 09:17:49 +0100
committer: Backportbot <backportbot-noreply@rullzer.com> 2018-12-19 08:54:34 +0000
commit: 8e0ebb10a4554adff1fa151c5a9cc8324c86b7d8 (patch)
tree: 56e3c59299e1979dd77fcbf3e94fc43887510f27 /apps/files_sharing/js/files_drop.js
parent: 140f3d2ee0d48c297530441d315a97111fb2d53b (diff)
download: nextcloud-server-8e0ebb10a4554adff1fa151c5a9cc8324c86b7d8.tar.gz
nextcloud-server-8e0ebb10a4554adff1fa151c5a9cc8324c86b7d8.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/files_sharing/js/files_drop.js b/apps/files_sharing/js/files_drop.js
index d10a61e0dfc..69465f791df 100644
--- a/apps/files_sharing/js/files_drop.js
+++ b/apps/files_sharing/js/files_drop.js
@@ -28,7 +28,11 @@
 				useHTTPS: OC.getProtocol() === 'https'
 			});
 			
+			// We only process one file at a time 🤷‍♀️
 			var name = data.files[0].name;
+			// removing unwanted characters
+			name = name.replace(/["'#%`]/gm, '');
+
 			try {
 				// FIXME: not so elegant... need to refactor that method to return a value
 				Files.isFileNameValid(name);
author	John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2018-12-18 09:17:49 +0100
committer	Backportbot <backportbot-noreply@rullzer.com>	2018-12-19 08:54:34 +0000
commit	8e0ebb10a4554adff1fa151c5a9cc8324c86b7d8 (patch)
tree	56e3c59299e1979dd77fcbf3e94fc43887510f27 /apps/files_sharing/js/files_drop.js
parent	140f3d2ee0d48c297530441d315a97111fb2d53b (diff)
download	nextcloud-server-8e0ebb10a4554adff1fa151c5a9cc8324c86b7d8.tar.gz nextcloud-server-8e0ebb10a4554adff1fa151c5a9cc8324c86b7d8.zip