Commit 3210fe25 authored by Bartek Przybylski's avatar Bartek Przybylski

fix creating/moving/renaming/deleting files/dirs with ' in name

parent 15ea8383
...@@ -6,8 +6,8 @@ require_once('../../lib/base.php'); ...@@ -6,8 +6,8 @@ require_once('../../lib/base.php');
OC_JSON::checkLoggedIn(); OC_JSON::checkLoggedIn();
// Get data // Get data
$dir = $_GET["dir"]; $dir = stripslashes($_GET["dir"]);
$files = isset($_GET["file"]) ? $_GET["file"] : $_GET["files"]; $files = isset($_GET["file"]) ? stripslashes($_GET["file"]) : stripslashes($_GET["files"]);
$files = explode(';', $files); $files = explode(';', $files);
$filesWithError = ''; $filesWithError = '';
......
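Review bot: The `stripslashes()` calls added on the `$dir` and `$files` lines run unconditionally, so they are only correct while `magic_quotes_gpc` is on; with it off, every backslash in a legitimate name is silently dropped and the script then operates on a different path than the one requested. The same pattern is repeated in the move, newfile, newfolder, rename and index sections of this commit. Undoing the escaping once and conditionally keeps the handlers consistent, for example `$dir = get_magic_quotes_gpc() ? stripslashes($_GET["dir"]) : $_GET["dir"];`, ideally in one shared helper rather than per script. The file names are not shown on this page, so the section names used here are inferred from the calls in each hunk.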
...@@ -6,9 +6,9 @@ require_once('../../lib/base.php'); ...@@ -6,9 +6,9 @@ require_once('../../lib/base.php');
OC_JSON::checkLoggedIn(); OC_JSON::checkLoggedIn();
// Get data // Get data
$dir = $_GET["dir"]; $dir = stripslashes($_GET["dir"]);
$file = $_GET["file"]; $file = stripslashes($_GET["file"]);
$target = $_GET["target"]; $target = stripslashes($_GET["target"]);
if(OC_Files::move($dir,$file,$target,$file)){ if(OC_Files::move($dir,$file,$target,$file)){
......
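Review bot: `$_GET["dir"]`, `$_GET["file"]` and `$_GET["target"]` are read without an `isset()` or string check before being handed to `stripslashes()` and `OC_Files::move()`, unlike the `isset(...) ? ... : ''` pattern that the newfile and newfolder sections use. A missing or array-valued parameter therefore raises a warning and lets an empty or null path reach a move operation. Rejecting the request before the call would be safer, e.g. `if(!isset($_GET["dir"], $_GET["file"], $_GET["target"])){ OC_JSON::error(array("data" => array( "message" => "Missing parameter" ))); exit(); }`. Whether `OC_Files::move()` itself rejects `..` segments in these values is not visible in this hunk and is worth confirming. The delete and rename sections read their parameters the same way.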
...@@ -6,8 +6,8 @@ require_once('../../lib/base.php'); ...@@ -6,8 +6,8 @@ require_once('../../lib/base.php');
OC_JSON::checkLoggedIn(); OC_JSON::checkLoggedIn();
// Get the params // Get the params
$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : ''; $dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
$filename = isset( $_GET['filename'] ) ? $_GET['filename'] : ''; $filename = isset( $_GET['filename'] ) ? stripslashes($_GET['filename']) : '';
$content = isset( $_GET['content'] ) ? $_GET['content'] : ''; $content = isset( $_GET['content'] ) ? $_GET['content'] : '';
if($filename == '') { if($filename == '') {
......
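Review bot: `$content` on the third assignment is still taken from `$_GET['content']` unmodified while `$dir` and `$filename` are now unescaped, so when magic quotes are active the new file's body would keep the added backslashes in front of every quote. If the intent is to undo request escaping, the content needs the same treatment as the name, `$content = isset( $_GET['content'] ) ? stripslashes($_GET['content']) : '';`, subject to the same magic-quotes condition as the other parameters. How `$content` is used lies outside the hunk, so this assumes it is written to the created file.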
...@@ -6,15 +6,15 @@ require_once('../../lib/base.php'); ...@@ -6,15 +6,15 @@ require_once('../../lib/base.php');
OC_JSON::checkLoggedIn(); OC_JSON::checkLoggedIn();
// Get the params // Get the params
$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : ''; $dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
$foldername = isset( $_GET['foldername'] ) ? $_GET['foldername'] : ''; $foldername = isset( $_GET['foldername'] ) ? stripslashes($_GET['foldername']) : '';
if(trim($foldername) == '') { if(trim($foldername) == '') {
OC_JSON::error(array("data" => array( "message" => "Empty Foldername" ))); OC_JSON::error(array("data" => array( "message" => "Empty Foldername" )));
exit(); exit();
} }
if(OC_Files::newFile($dir, $foldername, 'dir')) { if(OC_Files::newFile($dir, stripslashes($foldername), 'dir')) {
OC_JSON::success(array("data" => array())); OC_JSON::success(array("data" => array()));
exit(); exit();
} }
......
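Review bot: `$foldername` is unescaped twice, once on assignment and again in `OC_Files::newFile($dir, stripslashes($foldername), 'dir')`. The second pass removes backslashes that belong to the name, so the folder that gets created can differ from the value checked by `trim($foldername) == ''` and from what the client asked for. The call should use the already-cleaned value, `if(OC_Files::newFile($dir, $foldername, 'dir')) {`.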
...@@ -6,9 +6,9 @@ require_once('../../lib/base.php'); ...@@ -6,9 +6,9 @@ require_once('../../lib/base.php');
OC_JSON::checkLoggedIn(); OC_JSON::checkLoggedIn();
// Get data // Get data
$dir = $_GET["dir"]; $dir = stripslashes($_GET["dir"]);
$file = $_GET["file"]; $file = stripslashes($_GET["file"]);
$newname = $_GET["newname"]; $newname = stripslashes($_GET["newname"]);
// Delete // Delete
if( OC_Files::move( $dir, $file, $dir, $newname )) { if( OC_Files::move( $dir, $file, $dir, $newname )) {
......
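Review bot: This handler renames a file in response to a plain GET request, and the only gate visible in the hunk is `OC_JSON::checkLoggedIn()`, so nothing here ties the request to a page the user actually used; whether `lib/base.php` adds a request token is not visible. The delete, move, newfile and newfolder sections have the same shape. State-changing calls like these are normally limited to POST with a per-session token, starting with something like `if($_SERVER['REQUEST_METHOD'] !== 'POST'){ OC_JSON::error(array("data" => array( "message" => "POST required" ))); exit(); }` and reading the parameters from `$_POST`, which also needs a matching change in the client code. The `// Delete` comment above the `OC_Files::move()` call is stale and should read `// Rename`.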
...@@ -38,7 +38,7 @@ if(!isset($_SESSION['timezone'])){ ...@@ -38,7 +38,7 @@ if(!isset($_SESSION['timezone'])){
} }
OC_App::setActiveNavigationEntry( "files_index" ); OC_App::setActiveNavigationEntry( "files_index" );
// Load the files // Load the files
$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : ''; $dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
// Redirect if directory does not exist // Redirect if directory does not exist
if(!OC_Filesystem::is_dir($dir)) { if(!OC_Filesystem::is_dir($dir)) {
header("Location: ".$_SERVER['PHP_SELF'].""); header("Location: ".$_SERVER['PHP_SELF']."");
......