diff --git a/files/ajax/delete.php b/files/ajax/delete.php
index 48df5862db2d763978fc6a5d040b94bc7c279c27..1725201fdd9e4541bce45d4334c6c86be60f274b 100644
--- a/files/ajax/delete.php
+++ b/files/ajax/delete.php
@@ -6,8 +6,8 @@ require_once('../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Get data
-$dir = $_GET["dir"];
-$files = isset($_GET["file"]) ? $_GET["file"] : $_GET["files"];
+$dir = stripslashes($_GET["dir"]);
+$files = isset($_GET["file"]) ? stripslashes($_GET["file"]) : stripslashes($_GET["files"]);
 
 $files = explode(';', $files);
 $filesWithError = '';
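Review bot: The added `stripslashes()` calls run unconditionally, so on a server where `magic_quotes_gpc` is off they strip backslashes the user actually sent, and a name such as `a\b` becomes `ab` before the list is split on `;`, which may then act on a different entry than the one requested. Guard the call, e.g. `$dir = get_magic_quotes_gpc() ? stripslashes($_GET["dir"]) : $_GET["dir"];`, or undo magic quotes once in `lib/base.php` so each endpoint does not repeat it. The same applies to the hunks in move.php, newfile.php, newfolder.php, rename.php and files/index.php. Note also that `stripslashes()` is not path validation; whether `..` segments in `$dir` or the file names are rejected later is not visible here, as the script continues past the hunk.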
diff --git a/files/ajax/move.php b/files/ajax/move.php
index 3517901c6cfe2e93234a7b25544793d71e7423c5..9af3f80208f5e0b8d31e8f00279a39efcc222ede 100644
--- a/files/ajax/move.php
+++ b/files/ajax/move.php
@@ -6,9 +6,9 @@ require_once('../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Get data
-$dir = $_GET["dir"];
-$file = $_GET["file"];
-$target = $_GET["target"];
+$dir = stripslashes($_GET["dir"]);
+$file = stripslashes($_GET["file"]);
+$target = stripslashes($_GET["target"]);
 
 
 if(OC_Files::move($dir,$file,$target,$file)){
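Review bot: This endpoint changes state on a GET request, and the only check visible before `OC_Files::move()` is `OC_JSON::checkLoggedIn()`, so a page the logged-in user merely visits could trigger the move. Unless `lib/base.php` already verifies a per-session request token (not visible in this hunk), read the parameters from `$_POST` and check such a token before acting. delete.php, newfile.php, newfolder.php and rename.php follow the same pattern. The `if` block on the last line continues outside the hunk.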
diff --git a/files/ajax/newfile.php b/files/ajax/newfile.php
index 5c4f49a3675ce307f9ef8a1a42ae6880abb1001d..afc444bc0acadbcb35247ac4691d44c255106bc9 100644
--- a/files/ajax/newfile.php
+++ b/files/ajax/newfile.php
@@ -6,8 +6,8 @@ require_once('../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Get the params
-$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : '';
-$filename = isset( $_GET['filename'] ) ? $_GET['filename'] : '';
+$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
+$filename = isset( $_GET['filename'] ) ? stripslashes($_GET['filename']) : '';
 $content = isset( $_GET['content'] ) ? $_GET['content'] : '';
 
 if($filename == '') {
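Review bot: `$content` on the line after the two changed assignments still takes `$_GET['content']` raw, so with magic quotes enabled the new file's name is unescaped but its body keeps the added backslashes. Give it the same magic-quotes handling as `$dir` and `$filename`. Separately, carrying file contents in the query string puts them in web-server access logs and browser history and caps their size; a POST body would avoid that. The `if` block opened on the last line continues outside the hunk.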
@@ -24,4 +24,4 @@ if(OC_Files::newFile($dir, $filename, 'file')) {
 }
 
 
-OC_JSON::error(array("data" => array( "message" => "Error when creating the file" )));
\ No newline at end of file
+OC_JSON::error(array("data" => array( "message" => "Error when creating the file" )));
diff --git a/files/ajax/newfolder.php b/files/ajax/newfolder.php
index d244fb7be19dba8fa39052bd19141fd3b23ed7a1..6db045c4e1728fc7d555f5c8bd73fe09d798f46c 100644
--- a/files/ajax/newfolder.php
+++ b/files/ajax/newfolder.php
@@ -6,15 +6,15 @@ require_once('../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Get the params
-$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : '';
-$foldername = isset( $_GET['foldername'] ) ? $_GET['foldername'] : '';
+$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
+$foldername = isset( $_GET['foldername'] ) ? stripslashes($_GET['foldername']) : '';
 
 if(trim($foldername) == '') {
 	OC_JSON::error(array("data" => array( "message" => "Empty Foldername" )));
 	exit();
 }
 
-if(OC_Files::newFile($dir, $foldername, 'dir')) {
+if(OC_Files::newFile($dir, stripslashes($foldername), 'dir')) {
 	OC_JSON::success(array("data" => array()));
 	exit();
 }
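Review bot: `$foldername` is already passed through `stripslashes()` in the assignment above, so the second call in `OC_Files::newFile($dir, stripslashes($foldername), 'dir')` unescapes it twice. A remaining literal backslash is dropped, and the name that gets created is no longer the one the `trim()` check looked at. Keep the original call, `if(OC_Files::newFile($dir, $foldername, 'dir')) {`.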
diff --git a/files/ajax/rename.php b/files/ajax/rename.php
index 87ffbc3ada0784ee9a88819bb173e1ffa8f5dda8..a51b36635b376694166ab1914c8ab6004b24f2e3 100644
--- a/files/ajax/rename.php
+++ b/files/ajax/rename.php
@@ -6,9 +6,9 @@ require_once('../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Get data
-$dir = $_GET["dir"];
-$file = $_GET["file"];
-$newname = $_GET["newname"];
+$dir = stripslashes($_GET["dir"]);
+$file = stripslashes($_GET["file"]);
+$newname = stripslashes($_GET["newname"]);
 
 // Delete
 if( OC_Files::move( $dir, $file, $dir, $newname )) {
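Review bot: `$newname` goes to `OC_Files::move( $dir, $file, $dir, $newname )` as the target file name with no check that it is a single path component, so a value containing `/` or `..` could turn a rename into a move outside `$dir` unless `OC_Files::move()` rejects it, which is not visible here. Reject such names before the call, e.g. `if (strpos($newname, '/') !== false || $newname === '..') { OC_JSON::error(array("data" => array( "message" => "Invalid name" ))); exit(); }`. The `// Delete` comment above the call is also misleading in a rename script; `// Rename` would match what the code does. The `if` block continues outside the hunk.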
diff --git a/files/index.php b/files/index.php
index 7f3c5c579e73d789a710022e9bf1582d3173c50d..fbf7a4901a1fe35fe5feb3f4f1be9f7ddbd3a4ec 100644
--- a/files/index.php
+++ b/files/index.php
@@ -38,7 +38,7 @@ if(!isset($_SESSION['timezone'])){
 }
 OC_App::setActiveNavigationEntry( "files_index" );
 // Load the files
-$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : '';
+$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
 // Redirect if directory does not exist
 if(!OC_Filesystem::is_dir($dir)) {
 	header("Location: ".$_SERVER['PHP_SELF']."");