From 40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9 Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Thu, 26 Apr 2012 17:55:00 +0200
Subject: fix security check for the path of the requested file

---
 apps/files/js/fileactions.js | 2 +-
 apps/files/js/files.js       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'apps/files/js')

diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js
index fc6c99262ef..481802e0d63 100644
--- a/apps/files/js/fileactions.js
+++ b/apps/files/js/fileactions.js
@@ -135,7 +135,7 @@ $(document).ready(function(){
 		var downloadScope = 'file';
 	}
 	FileActions.register(downloadScope,'Download',function(){return OC.imagePath('core','actions/download')},function(filename){
-		window.location=OC.filePath('files', 'ajax', 'download.php?files='+encodeURIComponent(filename)+'&dir='+encodeURIComponent($('#dir').val()));
+		window.location=OC.filePath('files', 'ajax', 'download.php') + '?files='+encodeURIComponent(filename)+'&dir='+encodeURIComponent($('#dir').val());
 	});
 });
 
diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 4637d3cb64d..9d83e5e6d26 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -140,7 +140,7 @@ $(document).ready(function() {
 		var dir=$('#dir').val()||'/';
 		$('#notification').text(t('files','generating ZIP-file, it may take some time.'));
 		$('#notification').fadeIn();
-		window.location=OC.filePath('files', 'ajax', 'download.php?files='+encodeURIComponent(files)+'&dir='+encodeURIComponent(dir));
+		window.location=OC.filePath('files', 'ajax', 'download.php') + '?files='+encodeURIComponent(files)+'&dir='+encodeURIComponent(dir);
 		return false;
 	});
 
-- 
cgit v1.2.3