From aa9ffd119aea9a2cb527a0ac662fcdaad464fc68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Schie=C3=9Fle?= <schiessle@owncloud.com>
Date: Thu, 27 Sep 2012 12:37:23 +0200
Subject: [PATCH] check if file really exist before add/remove it

---
 apps/files_external/ajax/addRootCertificate.php    |  5 +++++
 apps/files_external/ajax/removeRootCertificate.php | 11 +++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/apps/files_external/ajax/addRootCertificate.php b/apps/files_external/ajax/addRootCertificate.php
index 42927b8606..e0a0239c95 100644
--- a/apps/files_external/ajax/addRootCertificate.php
+++ b/apps/files_external/ajax/addRootCertificate.php
@@ -2,6 +2,11 @@
 
 OCP\JSON::checkAppEnabled('files_external');
 
+if ( !($filename = $_FILES['rootcert_import']['name']) ) {
+	header("Location: settings/personal.php");
+	exit;
+}
+
 $fh = fopen($_FILES['rootcert_import']['tmp_name'], 'r');
 $data = fread($fh, filesize($_FILES['rootcert_import']['tmp_name']));
 fclose($fh);
diff --git a/apps/files_external/ajax/removeRootCertificate.php b/apps/files_external/ajax/removeRootCertificate.php
index 8c196eddf5..6871b0fd1d 100644
--- a/apps/files_external/ajax/removeRootCertificate.php
+++ b/apps/files_external/ajax/removeRootCertificate.php
@@ -5,7 +5,10 @@ OCP\JSON::checkLoggedIn();
 OCP\JSON::callCheck();
 
 $view = \OCP\Files::getStorage("files_external");
-$cert = ltrim($_POST['cert'], "/\\.");
-$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/'.$cert;
-unlink($file);
-OC_Mount_Config::createCertificateBundle();
+$file = 'uploads/'.ltrim($_POST['cert'], "/\\.");
+
+if ( $view->file_exists($file) ) {
+	$view->unlink($file);
+	OC_Mount_Config::createCertificateBundle();
+}
+
-- 
GitLab