diff options
author | Lukas Reschke <lukas@statuscode.ch> | 2013-03-11 19:48:13 +0400 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2013-03-11 19:48:19 +0400 |
commit | 7b6a02226c91b66abc24333d6311eb20e085d4b1 (patch) | |
tree | 735c97e59f82bdcaa6a8826eeae3659329ec65f3 | |
parent | fae5bd363b4cc3bd00d1a983ca5aff4a0eb86408 (diff) |
Check if username is valid and remove slashes from filename
Backport of #2236 to stable4
-rw-r--r-- | lib/migrate.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/migrate.php b/lib/migrate.php index 41ea200abdb..394c21232d4 100644 --- a/lib/migrate.php +++ b/lib/migrate.php @@ -234,11 +234,20 @@ class OC_Migrate{ OC_Log::write( 'migration', 'User doesn\'t exist', OC_Log::ERROR ); return json_encode( array( 'success' => false ) ); } + + // Check if the username is valid + if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $json->exporteduser )) { + OC_Log::write( 'migration', 'Username is not valid', OC_Log::ERROR ); + return json_encode( array( 'success' => false ) ); + } + // Copy data $userfolder = $extractpath . $json->exporteduser; $newuserfolder = $datadir . '/' . self::$uid; foreach(scandir($userfolder) as $file){ - if($file !== '.' && $file !== '..' && is_dir($file)){ + if($file !== '.' && $file !== '..' && is_dir($file)) { + $file = str_replace(array('/', '\\'), '', $file); + // Then copy the folder over OC_Helper::copyr($userfolder.'/'.$file, $newuserfolder.'/'.$file); } |