Skip to content
Permalink
Browse files Browse the repository at this point in the history
Filter out %0A from paths
  • Loading branch information
nickvergessen committed Sep 1, 2016
1 parent a98e66d commit 778ae8a
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 2 deletions.
7 changes: 6 additions & 1 deletion apps/files/js/filelist.js
Expand Up @@ -1327,14 +1327,19 @@
return OC.linkTo('files', 'index.php')+"?dir="+ encodeURIComponent(dir).replace(/%2F/g, '/');
},

/**
* @param {string} path
* @returns {boolean}
*/
_isValidPath: function(path) {
var sections = path.split('/');
for (var i = 0; i < sections.length; i++) {
if (sections[i] === '..') {
return false;
}
}
return true;

return path.toLowerCase().indexOf(decodeURI('%0a')) === -1;
},

/**
Expand Down
3 changes: 2 additions & 1 deletion apps/files/tests/js/filelistSpec.js
Expand Up @@ -1333,9 +1333,10 @@ describe('OCA.Files.FileList tests', function() {
'/abc/..',
'/abc/../',
'/../abc/',
'/foo%0Abar/',
'/another\\subdir/../foo\\../bar\\..\\file/..\\folder/../'
], function(path) {
fileList.changeDirectory(path);
fileList.changeDirectory(decodeURI(path));
expect(fileList.getCurrentDirectory()).toEqual('/');
});
});
Expand Down

0 comments on commit 778ae8a

Please sign in to comment.