-rw-r--r-- | apps/files/ajax/upload.php | 2 | ||||
-rw-r--r-- | lib/private/session/cryptowrapper.php | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 4bc2ce8bdf3..7ff02d8db8e 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -148,7 +148,7 @@ if ($maxUploadFileSize >= 0 and $totalSize > $maxUploadFileSize) {
 }
 $result = array();
-if (strpos($dir, '..') === false) {
+if (\OC\Files\Filesystem::isValidPath($dir) === true) {
 $fileCount = count($files['name']);
 for ($i = 0; $i < $fileCount; $i++) {
diff --git a/lib/private/session/cryptowrapper.php b/lib/private/session/cryptowrapper.php
index 62bdcbfb719..261514d683e 100644
--- a/lib/private/session/cryptowrapper.php
+++ b/lib/private/session/cryptowrapper.php
@@ -77,7 +77,11 @@ class CryptoWrapper {
 $secureCookie = $request->getServerProtocol() === 'https';
 // FIXME: Required for CI
 if (!defined('PHPUNIT_RUN')) {
- setcookie(self::COOKIE_NAME, $this->passphrase, 0, \OC::$WEBROOT, '', $secureCookie, true);
+ $webRoot = \OC::$WEBROOT;
+ if($webRoot === '') {
+ $webRoot = '/';
+ }
+ setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true);
 }
 }
 } |
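Review bot: The `isValidPath($dir)` check in upload.php still runs only after the upload-size comparison shown in the hunk header, so any statement above it that derives values from `$dir` (not visible in this hunk) would work on an unvalidated path. If that is the case, the check belongs directly after `$dir` is read from the request, with an early error response. The line also deserves a comment such as `// $dir is client-supplied: reject paths the filesystem layer considers invalid before building upload targets`, because nothing here says why the substring test was dropped. The diffstat lists no test file, so a unit test pinning which directory values are refused would keep this from regressing. The `if` body and its else branch continue outside the hunk.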
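Review bot: The new `'/'` fallback in cryptowrapper.php sits inside the `if (!defined('PHPUNIT_RUN'))` guard, so the unit tests never execute the path logic this commit adds. Moving the computation into a small private helper that returns the cookie path would make it testable without calling `setcookie()`. The reason for the fallback is also not stated; a comment like `// an empty path lets the browser scope the passphrase cookie to the current request directory; use '/' when installed at the domain root` would record it. As a style point, `if($webRoot === '') {` lacks the space after `if` that the surrounding `if (!defined(...))` uses. The enclosing method starts outside the hunk.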