diff options
| author | Georg Ehrke <dev@georgswebsite.de> | 2012-05-07 13:20:43 +0200 |
|---|---|---|
| committer | Georg Ehrke <dev@georgswebsite.de> | 2012-05-07 13:23:55 +0200 |
| commit | d032345191c57294d5723639f777692c85bd2b1a (patch) | |
| tree | db8e171a698fc96d9d21be2457612f9832d1b2c5 /lib/base.php | |
| parent | 8534373f2fea5268112fb7dee0faa2caf1106d05 (diff) | |
| download | nextcloud-server-d032345191c57294d5723639f777692c85bd2b1a.tar.gz nextcloud-server-d032345191c57294d5723639f777692c85bd2b1a.zip | |
fix validation of getfile parameter - i hate this bloody merge conflicts
Diffstat (limited to 'lib/base.php')
| -rw-r--r-- | lib/base.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/base.php b/lib/base.php index 40df2b0c56c..14f2439ecbd 100644 --- a/lib/base.php +++ b/lib/base.php @@ -443,8 +443,8 @@ class OC{ $_GET['getfile'] = $file; } if(!is_null(self::$REQUESTEDFILE)){ - $subdir = OC::$APPSROOT . '/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE; - $parent = OC::$APPSROOT . '/' . self::$REQUESTEDAPP; + $subdir = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE; + $parent = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP; if(!OC_Helper::issubdirectory($subdir, $parent)){ self::$REQUESTEDFILE = null; header('HTTP/1.0 404 Not Found'); |