Merge pull request #157 from nextcloud/stable10-do-set-albumpath-to-empty-if-error-is-thrownv10.0.1RC1 v10.0.1

Stable10 do set albumpath to empty if error is thrown
author: Lukas Reschke <lukas@statuscode.ch> 2016-09-14 20:36:57 +0300
committer: GitHub <noreply@github.com> 2016-09-14 20:36:57 +0300
commit: f40139fb2abd8d38bc47e2096c23c60ea27f409d (patch)
tree: 4faa7fc10b483d6722d02801425072d04a70da07
parent: 88a89aeadf176b0f05f71f3edc5f9823ec3ec99a (diff)
parent: fec49dbc71aca2784bc6f5eef900611484405fa5 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/js/galleryview.js b/js/galleryview.js
index eb147c7d..73b6e59a 100644
--- a/js/galleryview.js
+++ b/js/galleryview.js
@@ -37,12 +37,33 @@
 		},
 
 		/**
+		 * @param {string} path
+		 * @returns {boolean}
+		 */
+		_isValidPath: function(path) {
+			var sections = path.split('/');
+			for (var i = 0; i < sections.length; i++) {
+				if (sections[i] === '..') {
+					return false;
+				}
+			}
+
+			return path.toLowerCase().indexOf(decodeURI('%0a')) === -1 &&
+				path.toLowerCase().indexOf(decodeURI('%00')) === -1;
+		},
+
+		/**
 		 * Populates the view if there are images or albums to show
 		 *
 		 * @param {string} albumPath
 		 * @param {string|undefined} errorMessage
 		 */
 		init: function (albumPath, errorMessage) {
+			// Set path to an empty value if not a valid one
+			if(!this._isValidPath(albumPath)) {
+				albumPath = '';
+			}
+
 			// Only do it when the app is initialised
 			if (this.requestId === -1) {
 				this._initButtons();
author	Lukas Reschke <lukas@statuscode.ch>	2016-09-14 20:36:57 +0300
committer	GitHub <noreply@github.com>	2016-09-14 20:36:57 +0300
commit	f40139fb2abd8d38bc47e2096c23c60ea27f409d (patch)
tree	4faa7fc10b483d6722d02801425072d04a70da07
parent	88a89aeadf176b0f05f71f3edc5f9823ec3ec99a (diff)
parent	fec49dbc71aca2784bc6f5eef900611484405fa5 (diff)