From 3ae70ab162c005a8931e757f29536e10d2d5fe7a Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Mon, 11 Mar 2013 16:21:26 +0100
Subject: [PATCH] Check if username is valid and remove slashes from filename

---
 lib/migrate.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/migrate.php b/lib/migrate.php
index a0a329705a..0b31917740 100644
--- a/lib/migrate.php
+++ b/lib/migrate.php
@@ -246,11 +246,20 @@ class OC_Migrate{
 					OC_Log::write( 'migration', 'User doesn\'t exist', OC_Log::ERROR );
 					return json_encode( array( 'success' => false ) );
 				}
+
+				// Check if the username is valid
+				if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $json->exporteduser )) {
+					OC_Log::write( 'migration', 'Username is not valid', OC_Log::ERROR );
+					return json_encode( array( 'success' => false ) );
+				}
+
 				// Copy data
 				$userfolder = $extractpath . $json->exporteduser;
 				$newuserfolder = $datadir . '/' . self::$uid;
 				foreach(scandir($userfolder) as $file){
 					if($file !== '.' && $file !== '..' && is_dir($file)) {
+						$file = str_replace(array('/', '\\'), '',  $file);
+
 						// Then copy the folder over
 						OC_Helper::copyr($userfolder.'/'.$file, $newuserfolder.'/'.$file);
 					}
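Review bot: The allowlist in the added `preg_match` check accepts `.`, so an `exporteduser` value of `.` or `..` passes validation and `$userfolder = $extractpath . $json->exporteduser` then resolves to the extraction directory or its parent instead of a user folder. Reject those names explicitly, for example `if( in_array( $json->exporteduser, array( '.', '..' ), true ) || preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $json->exporteduser ) ) {`. The added `str_replace` on `$file` operates on a `scandir()` entry, which is a single path component and cannot contain `/`. If it ever strips a backslash, `$userfolder.'/'.$file` no longer names the entry that was listed, so skipping such entries with `continue` would be safer than rewriting them. The enclosing method starts and ends outside the hunk, so an earlier check on `exporteduser` may exist that is not visible here.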
-- 
GitLab