Output validation for exec() method.

author: Andreas Fischer <bantu@owncloud.com> 2014-02-09 15:56:26 +0100
committer: Andreas Fischer <bantu@owncloud.com> 2014-05-29 16:26:01 +0200
commit: 626e87aa542adaee123c7c4104411238b43b3333 (patch)
tree: 3e63feaaa6ec528c48e21ddcaee99d380dba28de /lib/private/largefilehelper.php
parent: 68cc0ba2e188c39b87f9eea0011846c0b644e09b (diff)
download: nextcloud-server-626e87aa542adaee123c7c4104411238b43b3333.tar.gz
nextcloud-server-626e87aa542adaee123c7c4104411238b43b3333.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/private/largefilehelper.php b/lib/private/largefilehelper.php
index ca8f7522177..751e60de539 100644
--- a/lib/private/largefilehelper.php
+++ b/lib/private/largefilehelper.php
@@ -92,10 +92,15 @@ class LargeFileHelper {
 	public function getFilesizeViaExec($filename) {
 		if (\OC_Helper::is_function_enabled('exec')) {
 			$os = strtolower(php_uname('s'));
+			$result = '';
 			if (strpos($os, 'linux') !== false) {
-				return 0 + exec('stat -c %s ' . escapeshellarg($filename));
+				$result = trim(exec('stat -c %s ' . escapeshellarg($filename)));
 			} else if (strpos($os, 'bsd') !== false) {
-				return 0 + exec('stat -f %z ' . escapeshellarg($filename));
+				$result = trim(exec('stat -f %z ' . escapeshellarg($filename)));
+			}
+
+			if (ctype_digit($result)) {
+				return 0 + $result;
 			}
 		}
 		return null;
author	Andreas Fischer <bantu@owncloud.com>	2014-02-09 15:56:26 +0100
committer	Andreas Fischer <bantu@owncloud.com>	2014-05-29 16:26:01 +0200
commit	626e87aa542adaee123c7c4104411238b43b3333 (patch)
tree	3e63feaaa6ec528c48e21ddcaee99d380dba28de /lib/private/largefilehelper.php
parent	68cc0ba2e188c39b87f9eea0011846c0b644e09b (diff)
download	nextcloud-server-626e87aa542adaee123c7c4104411238b43b3333.tar.gz nextcloud-server-626e87aa542adaee123c7c4104411238b43b3333.zip