Filter out %0A from paths

author: Joas Schilling <coding@schilljs.com> 2016-09-01 11:06:06 +0300
committer: Joas Schilling <coding@schilljs.com> 2016-09-01 13:49:32 +0300
commit: 778ae8abd54c378fc4781394bbedc7a2ee3095e1 (patch)
tree: 2a111e69b11673cf4de490612b91ec8416a55236 /apps
parent: a98e66ddb09bd3af71eff2f3c8a0bcfbf571b7e7 (diff)
2 files changed, 8 insertions, 2 deletions
diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index 681e17d11a8..a61f6eaf89c 100644
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -1327,6 +1327,10 @@
 			return OC.linkTo('files', 'index.php')+"?dir="+ encodeURIComponent(dir).replace(/%2F/g, '/');
 		},
 
+		/**
+		 * @param {string} path
+		 * @returns {boolean}
+		 */
 		_isValidPath: function(path) {
 			var sections = path.split('/');
 			for (var i = 0; i < sections.length; i++) {
@@ -1334,7 +1338,8 @@
 					return false;
 				}
 			}
-			return true;
+
+			return path.toLowerCase().indexOf(decodeURI('%0a')) === -1;
 		},
 
 		/**
diff --git a/apps/files/tests/js/filelistSpec.js b/apps/files/tests/js/filelistSpec.js
index cd378884995..9753e80d189 100644
--- a/apps/files/tests/js/filelistSpec.js
+++ b/apps/files/tests/js/filelistSpec.js
@@ -1333,9 +1333,10 @@ describe('OCA.Files.FileList tests', function() {
 				'/abc/..',
 				'/abc/../',
 				'/../abc/',
+				'/foo%0Abar/',
 				'/another\\subdir/../foo\\../bar\\..\\file/..\\folder/../'
 			], function(path) {
-				fileList.changeDirectory(path);
+				fileList.changeDirectory(decodeURI(path));
 				expect(fileList.getCurrentDirectory()).toEqual('/');
 			});
 		});
author	Joas Schilling <coding@schilljs.com>	2016-09-01 11:06:06 +0300
committer	Joas Schilling <coding@schilljs.com>	2016-09-01 13:49:32 +0300
commit	778ae8abd54c378fc4781394bbedc7a2ee3095e1 (patch)
tree	2a111e69b11673cf4de490612b91ec8416a55236 /apps
parent	a98e66ddb09bd3af71eff2f3c8a0bcfbf571b7e7 (diff)