diff options
author | Joas Schilling <coding@schilljs.com> | 2016-09-01 12:24:14 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2016-09-01 12:49:35 +0200 |
commit | 5dd211cc8845fd4533966bf8d7a7f2a6359ea013 (patch) | |
tree | 2c8fda82e813f937f902004874b7134a01d2c9f1 /apps | |
parent | 778ae8abd54c378fc4781394bbedc7a2ee3095e1 (diff) | |
download | nextcloud-server-5dd211cc8845fd4533966bf8d7a7f2a6359ea013.tar.gz nextcloud-server-5dd211cc8845fd4533966bf8d7a7f2a6359ea013.zip |
Also prevent null byte character
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files/js/filelist.js | 3 | ||||
-rw-r--r-- | apps/files/tests/js/filelistSpec.js | 1 |
2 files changed, 3 insertions, 1 deletions
diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js index a61f6eaf89c..bcf6f991c50 100644 --- a/apps/files/js/filelist.js +++ b/apps/files/js/filelist.js @@ -1339,7 +1339,8 @@ } } - return path.toLowerCase().indexOf(decodeURI('%0a')) === -1; + return path.toLowerCase().indexOf(decodeURI('%0a')) === -1 && + path.toLowerCase().indexOf(decodeURI('%00')) === -1; }, /** diff --git a/apps/files/tests/js/filelistSpec.js b/apps/files/tests/js/filelistSpec.js index 9753e80d189..e23a42ec4e9 100644 --- a/apps/files/tests/js/filelistSpec.js +++ b/apps/files/tests/js/filelistSpec.js @@ -1334,6 +1334,7 @@ describe('OCA.Files.FileList tests', function() { '/abc/../', '/../abc/', '/foo%0Abar/', + '/foo%00bar/', '/another\\subdir/../foo\\../bar\\..\\file/..\\folder/../' ], function(path) { fileList.changeDirectory(decodeURI(path)); |