diff options
author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-06-23 13:05:32 +0300 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-06-23 13:05:32 +0300 |
commit | 053e7c27f4e1f9aeb2f15ab835115c3e23fa285e (patch) | |
tree | c422bf8d0426e2d6d73c2c418463be1d1c733480 | |
parent | ab63f9eacacfc49d5b5742df78131926b1392224 (diff) | |
parent | 2c39713bea28305c40d454cf087eaf8ec9d68532 (diff) |
Merge pull request #190 from owncloud/stable7-verify-pathv7.0.7betav7.0.7RC1
[stable7] Verify if path exists before processing
-rw-r--r-- | ajax/getimages.php | 3 | ||||
-rw-r--r-- | ajax/image.php | 3 | ||||
-rw-r--r-- | ajax/thumbnail.php | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/ajax/getimages.php b/ajax/getimages.php index 10da4946..745a6948 100644 --- a/ajax/getimages.php +++ b/ajax/getimages.php @@ -27,6 +27,9 @@ if (isset($_GET['token'])) { // The token defines the target directory (security reasons) $path = \OC\Files\Filesystem::getPath($linkItem['file_source']); + if($path === null) { + exit(); + } $view = new \OC\Files\View(\OC\Files\Filesystem::getView()->getAbsolutePath($path)); $images = $view->searchByMime('image'); diff --git a/ajax/image.php b/ajax/image.php index 33174778..0b404cad 100644 --- a/ajax/image.php +++ b/ajax/image.php @@ -22,6 +22,9 @@ if (is_array($linkItem) && isset($linkItem['uid_owner'])) { OC_User::setIncognitoMode(true); $fullPath = \OC\Files\Filesystem::getPath($linkItem['file_source']); + if($fullPath === null) { + exit(); + } $img = trim($fullPath . '/' . $img); } else { OCP\JSON::checkLoggedIn(); diff --git a/ajax/thumbnail.php b/ajax/thumbnail.php index a4c18c1b..bb1ee2d5 100644 --- a/ajax/thumbnail.php +++ b/ajax/thumbnail.php @@ -22,6 +22,9 @@ if (is_array($linkItem) && isset($linkItem['uid_owner'])) { OC_Util::setupFS($user); $fullPath = \OC\Files\Filesystem::getPath($linkItem['file_source']); + if($fullPath === null) { + exit(); + } $img = trim($fullPath . '/' . $img); } else { OCP\JSON::checkLoggedIn(); |