fix validation of getfile parameter - i hate this bloody merge conflicts

d0323451 · Georg Ehrke · 8534373f · d0323451 · d0323451
Commit d0323451 authored 12 years ago by Georg Ehrke
--- a/lib/base.php
+++ b/lib/base.php
@@ -443,8 +443,8 @@ class OC{
 			$_GET['getfile'] = $file;
 		}
 		if(!is_null(self::$REQUESTEDFILE)){
-			$subdir = OC::$APPSROOT . '/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE;
-			$parent = OC::$APPSROOT . '/' . self::$REQUESTEDAPP;
+			$subdir = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE;
+			$parent = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP;
 			if(!OC_Helper::issubdirectory($subdir, $parent)){
 				self::$REQUESTEDFILE = null;
 				header('HTTP/1.0 404 Not Found');

--- a/lib/helper.php
+++ b/lib/helper.php
@@ -576,14 +576,12 @@ class OC_Helper {
 				return true;
 			}
 		}
-		/*
-		echo 'SUB: ' . $sub . "\n";
+		/*echo 'SUB: ' . $sub . "\n";
 		echo 'PAR: ' . $parent . "\n";
 		echo 'REALSUB: ' . $realpath_sub . "\n";
 		echo 'REALPAR: ' . $realpath_parent . "\n";
 		echo substr($realpath_sub, 0, strlen($realpath_parent));
-		exit;
-		*/
+		exit;*/
 		return false;
 	}
 }