diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2014-01-10 16:14:37 +0100 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2014-02-18 17:54:32 +0100 |
| commit | 797e0a614cc44e627a54dfd39ce4047d176ebd9b (patch) | |
| tree | fd0ed9c7d0d181a31da0f842414f3ed5ec5b9ea9 /lib/public | |
| parent | a573fe7d769f5eea26f52b818eee11779090bb50 (diff) | |
| download | nextcloud-server-797e0a614cc44e627a54dfd39ce4047d176ebd9b.tar.gz nextcloud-server-797e0a614cc44e627a54dfd39ce4047d176ebd9b.zip | |
Added extra checks for invalid file chars in newfile.php and newfolder.php
- added PHP utility function to check for file name validity
- fixes issue where a user can create a file called ".." from the files UI
- added extra checks to make sure newfile.php and newfolder.php also
check for invalid characters
Diffstat (limited to 'lib/public')
| -rw-r--r-- | lib/public/constants.php | 3 | ||||
| -rw-r--r-- | lib/public/util.php | 9 |
2 files changed, 12 insertions, 0 deletions
diff --git a/lib/public/constants.php b/lib/public/constants.php index 1495c620dc9..350646a0ac0 100644 --- a/lib/public/constants.php +++ b/lib/public/constants.php @@ -35,3 +35,6 @@ const PERMISSION_UPDATE = 2; const PERMISSION_DELETE = 8; const PERMISSION_SHARE = 16; const PERMISSION_ALL = 31; + +const FILENAME_INVALID_CHARS = "\\/<>:\"|?*\n"; + diff --git a/lib/public/util.php b/lib/public/util.php index 570283e2a8a..585c5d22634 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -486,4 +486,13 @@ class Util { public static function uploadLimit() { return \OC_Helper::uploadLimit(); } + + /** + * Returns whether the given file name is valid + * @param $file string file name to check + * @return bool true if the file name is valid, false otherwise + */ + public static function isValidFileName($file) { + return \OC_Util::isValidFileName($file); + } } |