From 3210fe25649cf8c60e3d3c22cd86f9320115e5b2 Mon Sep 17 00:00:00 2001
From: Bartek Przybylski <bart.p.pl@gmail.com>
Date: Sun, 15 Jan 2012 20:48:38 +0100
Subject: [PATCH] fix creating/moving/renaming/deleting files/dirs with ' in
 name

---
 files/ajax/delete.php    | 4 ++--
 files/ajax/move.php      | 6 +++---
 files/ajax/newfile.php   | 6 +++---
 files/ajax/newfolder.php | 6 +++---
 files/ajax/rename.php    | 6 +++---
 files/index.php          | 2 +-
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/files/ajax/delete.php b/files/ajax/delete.php
index 48df5862db..1725201fdd 100644
--- a/files/ajax/delete.php
+++ b/files/ajax/delete.php
@@ -6,8 +6,8 @@ require_once('../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Get data
-$dir = $_GET["dir"];
-$files = isset($_GET["file"]) ? $_GET["file"] : $_GET["files"];
+$dir = stripslashes($_GET["dir"]);
+$files = isset($_GET["file"]) ? stripslashes($_GET["file"]) : stripslashes($_GET["files"]);
 
 $files = explode(';', $files);
 $filesWithError = '';
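Review bot: The added `stripslashes()` calls on `$_GET["dir"]`, `$_GET["file"]` and `$_GET["files"]` are unconditional, so on a server where `magic_quotes_gpc` is off they strip backslashes the client really sent and the delete then targets a different name than the one requested. The unescaping should depend on the setting, e.g. `$dir = get_magic_quotes_gpc() ? stripslashes($_GET["dir"]) : $_GET["dir"];`, and is better done once in shared bootstrap code than repeated in every endpoint. The same unconditional pattern is added in move.php, newfile.php, newfolder.php, rename.php and index.php. If neither `file` nor `files` is present, the ternary still reads `$_GET["files"]`, so an explicit check with an `OC_JSON::error(...)` response would be cleaner; the rest of the script is outside this hunk.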
diff --git a/files/ajax/move.php b/files/ajax/move.php
index 3517901c6c..9af3f80208 100644
--- a/files/ajax/move.php
+++ b/files/ajax/move.php
@@ -6,9 +6,9 @@ require_once('../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Get data
-$dir = $_GET["dir"];
-$file = $_GET["file"];
-$target = $_GET["target"];
+$dir = stripslashes($_GET["dir"]);
+$file = stripslashes($_GET["file"]);
+$target = stripslashes($_GET["target"]);
 
 
 if(OC_Files::move($dir,$file,$target,$file)){
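Review bot: `move.php` changes server state from `$_GET` parameters, and the only check visible before `OC_Files::move()` is `OC_JSON::checkLoggedIn()`, so a cross-site request that carries the user's session cookie would appear to be accepted. Unless the included base.php enforces it (not visible here), the handler should take its parameters from `$_POST` and verify a per-session request token before acting. delete.php, newfile.php, newfolder.php and rename.php in this patch follow the same GET pattern. `$_GET["dir"]`, `$_GET["file"]` and `$_GET["target"]` are also read without `isset()`, so a missing parameter reaches `OC_Files::move()` as an empty string instead of being rejected.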
diff --git a/files/ajax/newfile.php b/files/ajax/newfile.php
index 5c4f49a367..afc444bc0a 100644
--- a/files/ajax/newfile.php
+++ b/files/ajax/newfile.php
@@ -6,8 +6,8 @@ require_once('../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Get the params
-$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : '';
-$filename = isset( $_GET['filename'] ) ? $_GET['filename'] : '';
+$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
+$filename = isset( $_GET['filename'] ) ? stripslashes($_GET['filename']) : '';
 $content = isset( $_GET['content'] ) ? $_GET['content'] : '';
 
 if($filename == '') {
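Review bot: `$content`, on the line after the two changed assignments, is still taken from `$_GET['content']` unmodified, so with `magic_quotes_gpc` on the file name is unescaped but the content keeps its added backslashes. If that value is written into the new file further down (outside this hunk), quotes in the content would be stored escaped. It should go through the same unescaping as `$dir` and `$filename`, e.g. `$content = isset( $_GET['content'] ) ? stripslashes($_GET['content']) : '';`, subject to the same `magic_quotes_gpc` condition. Separately, file content passed in a query string ends up in web-server access logs and is limited by URL length, so a POST body is the safer transport.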
@@ -24,4 +24,4 @@ if(OC_Files::newFile($dir, $filename, 'file')) {
 }
 
 
-OC_JSON::error(array("data" => array( "message" => "Error when creating the file" )));
\ No newline at end of file
+OC_JSON::error(array("data" => array( "message" => "Error when creating the file" )));
diff --git a/files/ajax/newfolder.php b/files/ajax/newfolder.php
index d244fb7be1..6db045c4e1 100644
--- a/files/ajax/newfolder.php
+++ b/files/ajax/newfolder.php
@@ -6,15 +6,15 @@ require_once('../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Get the params
-$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : '';
-$foldername = isset( $_GET['foldername'] ) ? $_GET['foldername'] : '';
+$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
+$foldername = isset( $_GET['foldername'] ) ? stripslashes($_GET['foldername']) : '';
 
 if(trim($foldername) == '') {
 	OC_JSON::error(array("data" => array( "message" => "Empty Foldername" )));
 	exit();
 }
 
-if(OC_Files::newFile($dir, $foldername, 'dir')) {
+if(OC_Files::newFile($dir, stripslashes($foldername), 'dir')) {
 	OC_JSON::success(array("data" => array()));
 	exit();
 }
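Review bot: `$foldername` is unescaped twice, once in the assignment and again in `OC_Files::newFile($dir, stripslashes($foldername), 'dir')`. With `magic_quotes_gpc` on, a requested name containing a literal backslash arrives as `\\`, becomes `\` after the first pass and is removed entirely by the second, so the folder is created under a different name than the user asked for. The call should pass the already-normalised value: `if(OC_Files::newFile($dir, $foldername, 'dir')) {`. `$dir` is only unescaped once, which is also inconsistent with the folder name.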
diff --git a/files/ajax/rename.php b/files/ajax/rename.php
index 87ffbc3ada..a51b36635b 100644
--- a/files/ajax/rename.php
+++ b/files/ajax/rename.php
@@ -6,9 +6,9 @@ require_once('../../lib/base.php');
 OC_JSON::checkLoggedIn();
 
 // Get data
-$dir = $_GET["dir"];
-$file = $_GET["file"];
-$newname = $_GET["newname"];
+$dir = stripslashes($_GET["dir"]);
+$file = stripslashes($_GET["file"]);
+$newname = stripslashes($_GET["newname"]);
 
 // Delete
 if( OC_Files::move( $dir, $file, $dir, $newname )) {
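Review bot: Nothing in this hunk restricts `$newname` to a single path component before it is passed as the target name to `OC_Files::move( $dir, $file, $dir, $newname )`. Whether `OC_Files::move()` rejects a name containing `/` or `..` is not visible here, so a rename endpoint should refuse such values itself, e.g. `if( strpos( $newname, '/' ) !== false || $newname == '..' ) { OC_JSON::error(array("data" => array( "message" => "Invalid name" ))); exit(); }`. The context comment `// Delete` above the call is stale for a rename and should read `// Rename`. The `if` body continues outside the hunk.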
diff --git a/files/index.php b/files/index.php
index 7f3c5c579e..fbf7a4901a 100644
--- a/files/index.php
+++ b/files/index.php
@@ -38,7 +38,7 @@ if(!isset($_SESSION['timezone'])){
 }
 OC_App::setActiveNavigationEntry( "files_index" );
 // Load the files
-$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : '';
+$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
 // Redirect if directory does not exist
 if(!OC_Filesystem::is_dir($dir)) {
 	header("Location: ".$_SERVER['PHP_SELF']."");
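Review bot: The redirect taken when `$dir` is not a directory builds its `Location` header from `$_SERVER['PHP_SELF']`, which includes any client-supplied path info appended to the script name. `$_SERVER['SCRIPT_NAME']` or a fixed application link would keep request-derived text out of the header: `header("Location: ".$_SERVER['SCRIPT_NAME']);`. The `if` body continues outside the hunk, so it is not visible whether `exit()` follows the header; without it the rest of the page would still run with the rejected `$dir`.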
-- 
GitLab