summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
Diffstat (limited to 'apps')
-rw-r--r--apps/files/js/filelist.js2
-rw-r--r--apps/files/tests/js/filelistSpec.js4
2 files changed, 5 insertions, 1 deletions
diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index e483882fcc5..1f19c2a6258 100644
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -1404,7 +1404,7 @@
* @param {string} [fileId] file id
*/
_setCurrentDir: function(targetDir, changeUrl, fileId) {
- targetDir = targetDir.replace(/\\/g, '/');
+ targetDir = targetDir.replace(/\\/g, '/').replace(/\.\.\//g, '');
var previousDir = this.getCurrentDirectory(),
baseDir = OC.basename(targetDir);
diff --git a/apps/files/tests/js/filelistSpec.js b/apps/files/tests/js/filelistSpec.js
index ae4b75f7771..baf071af9bd 100644
--- a/apps/files/tests/js/filelistSpec.js
+++ b/apps/files/tests/js/filelistSpec.js
@@ -1334,6 +1334,10 @@ describe('OCA.Files.FileList tests', function() {
fileList.changeDirectory('/another\\subdir');
expect(fileList.getCurrentDirectory()).toEqual('/another/subdir');
});
+ it('converts backslashes to slashes and removes traversals when calling changeDirectory()', function() {
+ fileList.changeDirectory('/another\\subdir/../foo\\../bar\\..\\file/..\\folder/../');
+ expect(fileList.getCurrentDirectory()).toEqual('/another/subdir/foo/bar/file/folder/');
+ });
it('switches to root dir when current directory does not exist', function() {
fileList.changeDirectory('/unexist');
deferredList.reject(404);
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-31 06:59:14 +0000