From 083dda2bd5e0b8408cc0b9c18a4a20416806214e Mon Sep 17 00:00:00 2001 From: Michael M Slusarz Date: Mon, 28 Jun 2010 22:52:01 -0600 Subject: [PATCH] MFB: Bug #7646 Submitted by: Valentin.Vidic@CARNet.hr Allow access to files with multiple consecutive dots in the name Revision Changes Path 1.1.2.7 +4 -2 framework/VFS/lib/VFS/file.php 1.36.4.35 +2 -1 framework/VFS/package.xml --- framework/VFS/lib/VFS/file.php | 4 +++- framework/VFS/package.xml | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/framework/VFS/lib/VFS/file.php b/framework/VFS/lib/VFS/file.php index 5367b974b..fa31bc90b 100644 --- a/framework/VFS/lib/VFS/file.php +++ b/framework/VFS/lib/VFS/file.php @@ -657,7 +657,9 @@ class VFS_file extends VFS { $name = basename($name); if (strlen($name)) { - $name = str_replace('..', '', $name); + if ($name == '..') { + $name = ''; + } if (substr($name, 0, 1) != '/') { $name = '/' . $name; } diff --git a/framework/VFS/package.xml b/framework/VFS/package.xml index 1d75c957a..fa03a43c6 100644 --- a/framework/VFS/package.xml +++ b/framework/VFS/package.xml @@ -128,7 +128,8 @@ Reading, writing and listing of files are all supported, and there are both obje beta LGPL - * Rename fixes for SMB driver (leena.heino@uta.fi, Horde Bug #7933). + * Allow access to files with multiple consecutive dots in the name (valentin.vidic@carnet.hr; Horde Bug #7646). +* Rename fixes for SMB driver (leena.heino@uta.fi, Horde Bug #7933). * Set LC_TIME to C for consistency in date parsing in the SSH2 backend (michael-dev@fami-braun.de, Horde Bug #6396) * Pass -n for numeric UIDs/GIDs in the SSH2 backend when mapping to local user ids (Horde Request #6579) * Fix readByteRange() (wrong method name) in SQL backend -- 2.11.0