open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix security issue, don't allow to go back in the path

Browse Source
remotes/origin/stable45
Björn Schießle 12 years ago
parent a7292e897a
commit 9ab887fed5
1 changed files with 1 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      apps/files_external/ajax/removeRootCertificate.php

2
apps/files_external/ajax/removeRootCertificate.php vendored
Unescape View File

@ -5,7 +5,7 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
$view = \OCP\Files::getStorage("files_external");
$cert = $_POST['cert'];
$cert = ltrim($_POST['cert'], "/.");
$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/'.$cert;
unlink($file);
OC_Mount_Config::createCertificateBundle();

Write Preview
Loading…
Cancel
Save