diff options
Diffstat (limited to 'apps/files/ajax/newfile.php')
| -rw-r--r-- | apps/files/ajax/newfile.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php index 316eac0562d..edb78414872 100644 --- a/apps/files/ajax/newfile.php +++ b/apps/files/ajax/newfile.php @@ -15,6 +15,10 @@ if($filename == '') { OCP\JSON::error(array("data" => array( "message" => "Empty Filename" ))); exit(); } +if(strpos($filename,'/')!==false){ + OCP\JSON::error(array("data" => array( "message" => "Invalid Filename" ))); + exit(); +} if($source){ if(substr($source,0,8)!='https://' and substr($source,0,7)!='http://'){ |