summaryrefslogtreecommitdiffstats
path: root/apps/files/ajax
diff options
context:
space:
mode:
Diffstat (limited to 'apps/files/ajax')
-rw-r--r--apps/files/ajax/delete.php2
-rw-r--r--apps/files/ajax/move.php6
-rw-r--r--apps/files/ajax/newfile.php1
-rw-r--r--apps/files/ajax/newfolder.php4
-rw-r--r--apps/files/ajax/upload.php4
5 files changed, 8 insertions, 9 deletions
diff --git a/apps/files/ajax/delete.php b/apps/files/ajax/delete.php
index 4d4232e872e..61caa7618da 100644
--- a/apps/files/ajax/delete.php
+++ b/apps/files/ajax/delete.php
@@ -6,7 +6,7 @@ OCP\JSON::callCheck();
// Get data
-$dir = stripslashes($_POST["dir"]);
+$dir = isset($_POST['dir']) ? $_POST['dir'] : '';
$allFiles = isset($_POST["allfiles"]) ? $_POST["allfiles"] : false;
// delete all files in dir ?
diff --git a/apps/files/ajax/move.php b/apps/files/ajax/move.php
index 12760d4415f..a9e0d09f176 100644
--- a/apps/files/ajax/move.php
+++ b/apps/files/ajax/move.php
@@ -5,9 +5,9 @@ OCP\JSON::callCheck();
\OC::$server->getSession()->close();
// Get data
-$dir = stripslashes($_POST["dir"]);
-$file = stripslashes($_POST["file"]);
-$target = stripslashes(rawurldecode($_POST["target"]));
+$dir = isset($_POST['dir']) ? $_POST['dir'] : '';
+$file = isset($_POST['file']) ? $_POST['file'] : '';
+$target = isset($_POST['target']) ? rawurldecode($_POST['target']) : '';
$l = \OC::$server->getL10N('files');
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index c162237fe92..0eb144aca56 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -81,7 +81,6 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
exit();
}
-//TODO why is stripslashes used on foldername in newfolder.php but not here?
$target = $dir.'/'.$filename;
if (\OC\Files\Filesystem::file_exists($target)) {
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php
index ea7a10c2ab9..3ad64021cfe 100644
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -8,8 +8,8 @@ OCP\JSON::callCheck();
\OC::$server->getSession()->close();
// Get the params
-$dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';
-$foldername = isset( $_POST['foldername'] ) ? stripslashes($_POST['foldername']) : '';
+$dir = isset($_POST['dir']) ? $_POST['dir'] : '';
+$foldername = isset($_POST['foldername']) ? $_POST['foldername'] : '';
$l10n = \OC::$server->getL10N('files');
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 7bf6c40e87c..88375f82acb 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -132,9 +132,9 @@ if (strpos($dir, '..') === false) {
// $path needs to be normalized - this failed within drag'n'drop upload to a sub-folder
if ($resolution === 'autorename') {
// append a number in brackets like 'filename (2).ext'
- $target = OCP\Files::buildNotExistingFileName(stripslashes($dir . $relativePath), $files['name'][$i]);
+ $target = OCP\Files::buildNotExistingFileName($dir . $relativePath, $files['name'][$i]);
} else {
- $target = \OC\Files\Filesystem::normalizePath(stripslashes($dir . $relativePath).'/'.$files['name'][$i]);
+ $target = \OC\Files\Filesystem::normalizePath($dir . $relativePath.'/'.$files['name'][$i]);
}
// relative dir to return to the client