diff options
| author | Thomas Tanghus <thomas@tanghus.net> | 2012-01-02 19:38:10 +0100 |
|---|---|---|
| committer | Thomas Tanghus <thomas@tanghus.net> | 2012-01-02 19:38:10 +0100 |
| commit | 2a184631d12e4baf1a737d41438d13eb825c643b (patch) | |
| tree | e171711416861383db8f4a3b179034349d9d02e7 /lib | |
| parent | 6a7fbf9d136c44c7bdb9fab80354cbf44fadc105 (diff) | |
| parent | cc55f00481dd00c4db54714d79e1f13158a87850 (diff) | |
| download | nextcloud-server-2a184631d12e4baf1a737d41438d13eb825c643b.tar.gz nextcloud-server-2a184631d12e4baf1a737d41438d13eb825c643b.zip | |
Merge git://gitorious.org/owncloud/owncloud into oc_image
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/filesystem.php | 39 | ||||
| -rw-r--r-- | lib/user.php | 2 |
2 files changed, 21 insertions, 20 deletions
diff --git a/lib/filesystem.php b/lib/filesystem.php index 1205a6aa51b..627f494c937 100644 --- a/lib/filesystem.php +++ b/lib/filesystem.php @@ -199,11 +199,26 @@ class OC_Filesystem{ */ static public function getLocalFile($path){ $parent=substr($path,0,strrpos($path,'/')); - if(self::is_readable($parent) and $storage=self::getStorage($path)){ + if(self::isValidPath($parent) and $storage=self::getStorage($path)){ return $storage->getLocalFile(self::getInternalPath($path)); } } + /** + * check if the requested path is valid + * @param string path + * @return bool + */ + static public function isValidPath($path){ + if(substr($path,0,1)!=='/'){ + $path='/'.$path; + } + if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ + return false; + } + return true; + } + static public function mkdir($path){ return self::basicOperation('mkdir',$path,array('create','write')); } @@ -238,24 +253,10 @@ class OC_Filesystem{ return self::basicOperation('readfile',$path,array('read')); } static public function is_readable($path){ - if(substr($path,0,1)!=='/'){ - $path='/'.$path; - } - if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ - return false; - } - $storage=self::getStorage($path); - return $storage->is_readable(self::getInternalPath($path)); + return self::basicOperation('is_readable',$path); } static public function is_writeable($path){ - if(substr($path,0,1)!=='/'){ - $path='/'.$path; - } - if(strstr($path,'/../') || strrchr($path, '/') === '/..' ){ - return false; - } - $storage=self::getStorage($path); - return $storage->is_writeable(self::getInternalPath($path)); + return self::basicOperation('is_writeable',$path); } static public function file_exists($path){ if($path=='/'){ @@ -358,7 +359,7 @@ class OC_Filesystem{ return self::basicOperation('fopen',$path,$hooks,$mode); } static public function toTmpFile($path){ - if(OC_FileProxy::runPreProxies('toTmpFile',$path) and self::is_readable($path) and $storage=self::getStorage($path)){ + if(OC_FileProxy::runPreProxies('toTmpFile',$path) and self::isValidPath($path) and $storage=self::getStorage($path)){ OC_Hook::emit( 'OC_Filesystem', 'read', array( 'path' => $path)); return $storage->toTmpFile(self::getInternalPath($path)); } @@ -447,7 +448,7 @@ class OC_Filesystem{ * @return mixed */ private static function basicOperation($operation,$path,$hooks=array(),$extraParam=null){ - if(OC_FileProxy::runPreProxies($operation,$path, $extraParam) and self::is_readable($path) and $storage=self::getStorage($path)){ + if(OC_FileProxy::runPreProxies($operation,$path, $extraParam) and self::isValidPath($path) and $storage=self::getStorage($path)){ $interalPath=self::getInternalPath($path); $run=true; foreach($hooks as $hook){ diff --git a/lib/user.php b/lib/user.php index 241d9aa8b10..0a5881ec0f8 100644 --- a/lib/user.php +++ b/lib/user.php @@ -120,7 +120,7 @@ class OC_User { return false; } // No empty username - if( !$uid ){ + if(trim($uid) == ''){ return false; } // Check if user already exists |