diff options
| -rw-r--r-- | apps/files/js/filelist.js | 7 | ||||
| -rw-r--r-- | apps/files/tests/js/filelistSpec.js | 3 |
2 files changed, 8 insertions, 2 deletions
diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js index ca41012764a..52486df91c9 100644 --- a/apps/files/js/filelist.js +++ b/apps/files/js/filelist.js @@ -1407,6 +1407,10 @@ return OC.linkTo('files', 'index.php')+"?dir="+ encodeURIComponent(dir).replace(/%2F/g, '/'); }, + /** + * @param {string} path + * @returns {boolean} + */ _isValidPath: function(path) { var sections = path.split('/'); for (var i = 0; i < sections.length; i++) { @@ -1414,7 +1418,8 @@ return false; } } - return true; + + return path.toLowerCase().indexOf(decodeURI('%0a')) === -1; }, /** diff --git a/apps/files/tests/js/filelistSpec.js b/apps/files/tests/js/filelistSpec.js index 0a4812f3a81..9180b032301 100644 --- a/apps/files/tests/js/filelistSpec.js +++ b/apps/files/tests/js/filelistSpec.js @@ -1401,9 +1401,10 @@ describe('OCA.Files.FileList tests', function() { '/abc/..', '/abc/../', '/../abc/', + '/foo%0Abar/', '/another\\subdir/../foo\\../bar\\..\\file/..\\folder/../' ], function(path) { - fileList.changeDirectory(path); + fileList.changeDirectory(decodeURI(path)); expect(fileList.getCurrentDirectory()).toEqual('/'); }); }); |