From f74525c349c501c750d35e43153c862cf56a0221 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Sun, 26 Jul 2015 19:13:31 +0200
Subject: check if the user is trying to scan a valid path

---
 lib/private/files/utils/scanner.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib/private/files')

diff --git a/lib/private/files/utils/scanner.php b/lib/private/files/utils/scanner.php
index 3d68eb530a2..c70f4beb31d 100644
--- a/lib/private/files/utils/scanner.php
+++ b/lib/private/files/utils/scanner.php
@@ -131,6 +131,9 @@ class Scanner extends PublicEmitter {
 	 * @throws \OC\ForbiddenException
 	 */
 	public function scan($dir = '') {
+		if (!Filesystem::isValidPath($dir)) {
+			throw new \InvalidArgumentException('Invalid path to scan');
+		}
 		$mounts = $this->getMounts($dir);
 		foreach ($mounts as $mount) {
 			if (is_null($mount->getStorage())) {
-- 
cgit v1.2.3