aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/RedDAV/RedDirectory.php2
-rw-r--r--include/RedDAV/RedFile.php12
-rw-r--r--include/attach.php10
3 files changed, 18 insertions, 6 deletions
diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php
index 507fde46f..87bdf8f13 100644
--- a/include/RedDAV/RedDirectory.php
+++ b/include/RedDAV/RedDirectory.php
@@ -251,7 +251,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
intval($filesize),
intval(0),
intval($is_photo),
- dbesc($this->os_path . '/' . $hash),
+ dbesc($f),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc($allow_cid),
diff --git a/include/RedDAV/RedFile.php b/include/RedDAV/RedFile.php
index ec6871a69..5a1b3453a 100644
--- a/include/RedDAV/RedFile.php
+++ b/include/RedDAV/RedFile.php
@@ -126,7 +126,11 @@ class RedFile extends DAV\Node implements DAV\IFile {
}
}
$fname = dbunescbin($d[0]['data']);
- $f = 'store/' . $this->auth->owner_nick . '/' . (($fname) ? $fname : '');
+ if(strpos($fname,'store') === false)
+ $f = 'store/' . $this->auth->owner_nick . '/' . (($fname) ? $fname : '');
+ else
+ $f = $fname;
+
// @todo check return value and set $size directly
@file_put_contents($f, $data);
$size = @filesize($f);
@@ -226,7 +230,11 @@ class RedFile extends DAV\Node implements DAV\IFile {
}
if (intval($r[0]['os_storage'])) {
- $f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . dbunescbin($r[0]['data']);
+ $x = dbunsecbin($r[0]['data']);
+ if(strpos($x,'store') === false)
+ $f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $x;
+ else
+ $f = $x;
return fopen($f, 'rb');
}
return dbunescbin($r[0]['data']);
diff --git a/include/attach.php b/include/attach.php
index 8a568d8e1..36b971712 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -1270,9 +1270,13 @@ function attach_delete($channel_id, $resource, $is_photo = 0) {
);
if($y) {
- $f = 'store/' . $channel_address . '/' . $y[0]['data'];
- if(is_dir($y[0]['data']))
- @rmdir($y[0]['data']);
+ if(strpos($y[0]['data'],'store') === false)
+ $f = 'store/' . $channel_address . '/' . $y[0]['data'];
+ else
+ $f = $y[0]['data'];
+
+ if(is_dir($f))
+ @rmdir($f);
elseif(file_exists($f))
unlink($f);
}