From 9dddcae9ca3dcf872893e36e2f478ebecafdc6e2 Mon Sep 17 00:00:00 2001
From: Bart Visscher <bartv@thisnet.nl>
Date: Sat, 9 Feb 2013 15:03:47 +0100
Subject: Remove invalid characters from app id to prevent loading of invalid
 resources

---
 lib/app.php | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'lib/app.php')

diff --git a/lib/app.php b/lib/app.php
index 3a4e21e8cd1..54f16d6bdcd 100644
--- a/lib/app.php
+++ b/lib/app.php
@@ -38,6 +38,15 @@ class OC_App{
 	static private $checkedApps = array();
 	static private $altLogin = array();
 
+	/**
+	 * @brief clean the appid
+	 * @param $app Appid that needs to be cleaned
+	 * @return string
+	 */
+	public static function cleanAppId($app) {
+		return str_replace(array('\0', '/', '\\', '..'), '', $app);
+	}
+
 	/**
 	 * @brief loads all apps
 	 * @param array $types
-- 
cgit v1.2.3