diff options
author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-06-23 13:09:20 +0300 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-06-23 13:09:20 +0300 |
commit | fded75b7b165ca11bb8236cee9e77266a271fa81 (patch) | |
tree | e44522cab33db034759387c08a648331df4637c7 | |
parent | d9834b9497c879fbef486b4680baed2ca3269db4 (diff) | |
parent | 0966faf3d78eb0b535e451a10b3d53dceb2a86fa (diff) |
[master] Verify if path exists before processing
-rw-r--r-- | ajax/batch.php | 3 | ||||
-rw-r--r-- | ajax/getimages.php | 3 | ||||
-rw-r--r-- | ajax/image.php | 3 | ||||
-rw-r--r-- | ajax/thumbnail.php | 3 |
4 files changed, 12 insertions, 0 deletions
diff --git a/ajax/batch.php b/ajax/batch.php index 3a1fe3ea..d92066b8 100644 --- a/ajax/batch.php +++ b/ajax/batch.php @@ -27,6 +27,9 @@ if (!empty($_GET['token'])) { OC_Util::setupFS($user); $root = \OC\Files\Filesystem::getPath($linkItem['file_source']) . '/'; + if($root === null) { + exit(); + } $images = array_map(function ($image) use ($root) { return $root . $image; }, $images); diff --git a/ajax/getimages.php b/ajax/getimages.php index 9c8a7cd5..40ce0154 100644 --- a/ajax/getimages.php +++ b/ajax/getimages.php @@ -28,6 +28,9 @@ if (isset($_GET['token'])) { // The token defines the target directory (security reasons) $path = \OC\Files\Filesystem::getPath($linkItem['file_source']); + if($path === null) { + exit(); + } $view = new \OC\Files\View(\OC\Files\Filesystem::getView()->getAbsolutePath($path)); $images = $view->searchByMime('image'); diff --git a/ajax/image.php b/ajax/image.php index 49c132ca..d29030ef 100644 --- a/ajax/image.php +++ b/ajax/image.php @@ -26,6 +26,9 @@ if (!empty($_GET['token'])) { OC_User::setIncognitoMode(true); $fullPath = \OC\Files\Filesystem::getPath($linkItem['file_source']); + if($fullPath === null) { + exit(); + } $img = trim($fullPath . '/' . $img); } else { OCP\JSON::checkLoggedIn(); diff --git a/ajax/thumbnail.php b/ajax/thumbnail.php index e983fe59..b40ed542 100644 --- a/ajax/thumbnail.php +++ b/ajax/thumbnail.php @@ -27,6 +27,9 @@ if (!empty($_GET['token'])) { OC_Util::setupFS($user); $fullPath = \OC\Files\Filesystem::getPath($linkItem['file_source']); + if($fullPath === null) { + exit(); + } $img = trim($fullPath . '/' . $img); } else { OCP\JSON::checkLoggedIn(); |