Merge pull request #2236 from owncloud/fix-migration

Check if username is valid and remove slashes from filename
author: Bernhard Posselt <nukeawhale@gmail.com> 2013-03-11 19:43:09 +0400
committer: Bernhard Posselt <nukeawhale@gmail.com> 2013-03-11 19:43:09 +0400
commit: 769317702fa058dcf2542886819e6463fb6144dc (patch)
tree: 347fb601fda06cabe27de439b5bf453fb0244abb
parent: 1e20067c005a2363b06b8e163c95c75a32dea3b0 (diff)
parent: 3ae70ab162c005a8931e757f29536e10d2d5fe7a (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/migrate.php b/lib/migrate.php
index a0a329705a3..0b319177400 100644
--- a/lib/migrate.php
+++ b/lib/migrate.php
@@ -246,11 +246,20 @@ class OC_Migrate{
 					OC_Log::write( 'migration', 'User doesn\'t exist', OC_Log::ERROR );
 					return json_encode( array( 'success' => false ) );
 				}
+
+				// Check if the username is valid
+				if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $json->exporteduser )) {
+					OC_Log::write( 'migration', 'Username is not valid', OC_Log::ERROR );
+					return json_encode( array( 'success' => false ) );
+				}
+
 				// Copy data
 				$userfolder = $extractpath . $json->exporteduser;
 				$newuserfolder = $datadir . '/' . self::$uid;
 				foreach(scandir($userfolder) as $file){
 					if($file !== '.' && $file !== '..' && is_dir($file)) {
+						$file = str_replace(array('/', '\\'), '',  $file);
+
 						// Then copy the folder over
 						OC_Helper::copyr($userfolder.'/'.$file, $newuserfolder.'/'.$file);
 					}
author	Bernhard Posselt <nukeawhale@gmail.com>	2013-03-11 19:43:09 +0400
committer	Bernhard Posselt <nukeawhale@gmail.com>	2013-03-11 19:43:09 +0400
commit	769317702fa058dcf2542886819e6463fb6144dc (patch)
tree	347fb601fda06cabe27de439b5bf453fb0244abb
parent	1e20067c005a2363b06b8e163c95c75a32dea3b0 (diff)
parent	3ae70ab162c005a8931e757f29536e10d2d5fe7a (diff)