diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-02-18 16:01:24 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-18 18:17:33 +0100 |
| commit | 41e5850450d962deff277cb713b8d057e9749dbf (patch) | |
| tree | f1fa93e285337ea596d10a3f695a634124d3ccac /lib | |
| parent | 8d09cc3b91a9689a6c95e06c8002288bdd8d5bbf (diff) | |
| download | nextcloud-server-41e5850450d962deff277cb713b8d057e9749dbf.tar.gz nextcloud-server-41e5850450d962deff277cb713b8d057e9749dbf.zip | |
Prevent directory traversals in ctr of \OC\Files\View
This prevents a misusage of \OC\Files\View by calling it with user-supplied input. In such cases an exception is now thrown.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/files/view.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/private/files/view.php b/lib/private/files/view.php index 3bc9fdff1ee..3dfd4d0c105 100644 --- a/lib/private/files/view.php +++ b/lib/private/files/view.php @@ -36,7 +36,15 @@ class View { */ protected $updater; + /** + * @param string $root + * @throws \Exception If $root contains an invalid path + */ public function __construct($root = '') { + if(!Filesystem::isValidPath($root)) { + throw new \Exception(); + } + $this->fakeRoot = $root; $this->updater = new Updater($this); } |