From 9ab887fed543a22f8a57e3322eb4ff23834e2f86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Schie=C3=9Fle?= <schiessle@owncloud.com>
Date: Wed, 26 Sep 2012 21:35:14 +0200
Subject: [PATCH] fix security issue, don't allow to go back in the path

---
 apps/files_external/ajax/removeRootCertificate.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/files_external/ajax/removeRootCertificate.php b/apps/files_external/ajax/removeRootCertificate.php
index 9b78e180d9..f87d4a5630 100644
--- a/apps/files_external/ajax/removeRootCertificate.php
+++ b/apps/files_external/ajax/removeRootCertificate.php
@@ -5,7 +5,7 @@ OCP\JSON::checkLoggedIn();
 OCP\JSON::callCheck();
 
 $view = \OCP\Files::getStorage("files_external");
-$cert = $_POST['cert'];
+$cert = ltrim($_POST['cert'], "/.");
 $file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/'.$cert;
 unlink($file);
 OC_Mount_Config::createCertificateBundle();
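Review bot: The `ltrim($_POST['cert'], "/.")` on the new `$cert` line strips only leading slashes and dots, so a parent-directory segment that appears after a first path component still survives and is concatenated into `$file` before `unlink()`. Reducing the value to its final path component would confine the delete to `uploads/`: `$cert = basename((string) ($_POST['cert'] ?? ''));`, followed by a guard that stops when `$cert` is `''`, `'.'` or `'..'`. The `unlink($file)` result is also unchecked, so a failed delete still goes on to rebuild the certificate bundle. The top of the script is outside the hunk, so how an error should be reported to the client is not visible here.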
-- 
GitLab