Merge pull request #15252 from owncloud/prevent-directory-characters-in-temporary-path

Filter potential dangerous characters in path name
author: Thomas Müller <thomas.mueller@tmit.eu> 2015-03-27 01:19:55 +0100
committer: Thomas Müller <thomas.mueller@tmit.eu> 2015-03-27 01:19:55 +0100
commit: fb8994603bb68e2787ff836938b3b15905942731 (patch)
tree: baeb163c4b0f2260953d862d731ad9b24d8c20e7 /lib
parent: 710498402f7ac0c007999dd9d0bd70a2dc73a351 (diff)
parent: 9622fbdf292298458427ac6a33d65aba8f07b395 (diff)
download: nextcloud-server-fb8994603bb68e2787ff836938b3b15905942731.tar.gz
nextcloud-server-fb8994603bb68e2787ff836938b3b15905942731.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/private/tempmanager.php b/lib/private/tempmanager.php
index 197c0233142..5ab1427c505 100644
--- a/lib/private/tempmanager.php
+++ b/lib/private/tempmanager.php
@@ -54,10 +54,15 @@ class TempManager implements ITempManager {
 		$this->log = $logger;
 	}
 
+	/**
+	 * @param string $postFix
+	 * @return string
+	 */
 	protected function generatePath($postFix) {
 		if ($postFix) {
 			$postFix = '.' . ltrim($postFix, '.');
 		}
+		$postFix = str_replace(['\\', '/'], '', $postFix);
 		return $this->tmpBaseDir . '/oc_tmp_' . md5(time() . rand()) . $postFix;
 	}
author	Thomas Müller <thomas.mueller@tmit.eu>	2015-03-27 01:19:55 +0100
committer	Thomas Müller <thomas.mueller@tmit.eu>	2015-03-27 01:19:55 +0100
commit	fb8994603bb68e2787ff836938b3b15905942731 (patch)
tree	baeb163c4b0f2260953d862d731ad9b24d8c20e7 /lib
parent	710498402f7ac0c007999dd9d0bd70a2dc73a351 (diff)
parent	9622fbdf292298458427ac6a33d65aba8f07b395 (diff)
download	nextcloud-server-fb8994603bb68e2787ff836938b3b15905942731.tar.gz nextcloud-server-fb8994603bb68e2787ff836938b3b15905942731.zip