diff options
| author | John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com> | 2018-12-18 09:17:49 +0100 |
|---|---|---|
| committer | John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com> | 2018-12-18 09:17:49 +0100 |
| commit | bd3b2270129ac51cfaa13924720988cae46c4268 (patch) | |
| tree | 2fb35395c9589663d0c4631e01caf38ff58ca909 /apps | |
| parent | 6f994be665b876c35fa73d4672e81264c43efe8d (diff) | |
| download | nextcloud-server-bd3b2270129ac51cfaa13924720988cae46c4268.tar.gz nextcloud-server-bd3b2270129ac51cfaa13924720988cae46c4268.zip | |
Prevent special characters from breaking the file drop remote url
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/files_sharing/js/files_drop.js | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/files_sharing/js/files_drop.js b/apps/files_sharing/js/files_drop.js index d10a61e0dfc..69465f791df 100644 --- a/apps/files_sharing/js/files_drop.js +++ b/apps/files_sharing/js/files_drop.js @@ -28,7 +28,11 @@ useHTTPS: OC.getProtocol() === 'https' }); + // We only process one file at a time 🤷♀️ var name = data.files[0].name; + // removing unwanted characters + name = name.replace(/["'#%`]/gm, ''); + try { // FIXME: not so elegant... need to refactor that method to return a value Files.isFileNameValid(name); |