diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/RedDAV/RedDirectory.php | 2 | ||||
-rw-r--r-- | include/RedDAV/RedFile.php | 12 | ||||
-rw-r--r-- | include/attach.php | 10 |
3 files changed, 18 insertions, 6 deletions
diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php index 507fde46f..87bdf8f13 100644 --- a/include/RedDAV/RedDirectory.php +++ b/include/RedDAV/RedDirectory.php @@ -251,7 +251,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { intval($filesize), intval(0), intval($is_photo), - dbesc($this->os_path . '/' . $hash), + dbesc($f), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($allow_cid), diff --git a/include/RedDAV/RedFile.php b/include/RedDAV/RedFile.php index ec6871a69..5a1b3453a 100644 --- a/include/RedDAV/RedFile.php +++ b/include/RedDAV/RedFile.php @@ -126,7 +126,11 @@ class RedFile extends DAV\Node implements DAV\IFile { } } $fname = dbunescbin($d[0]['data']); - $f = 'store/' . $this->auth->owner_nick . '/' . (($fname) ? $fname : ''); + if(strpos($fname,'store') === false) + $f = 'store/' . $this->auth->owner_nick . '/' . (($fname) ? $fname : ''); + else + $f = $fname; + // @todo check return value and set $size directly @file_put_contents($f, $data); $size = @filesize($f); @@ -226,7 +230,11 @@ class RedFile extends DAV\Node implements DAV\IFile { } if (intval($r[0]['os_storage'])) { - $f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . dbunescbin($r[0]['data']); + $x = dbunsecbin($r[0]['data']); + if(strpos($x,'store') === false) + $f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $x; + else + $f = $x; return fopen($f, 'rb'); } return dbunescbin($r[0]['data']); diff --git a/include/attach.php b/include/attach.php index 8a568d8e1..36b971712 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1270,9 +1270,13 @@ function attach_delete($channel_id, $resource, $is_photo = 0) { ); if($y) { - $f = 'store/' . $channel_address . '/' . $y[0]['data']; - if(is_dir($y[0]['data'])) - @rmdir($y[0]['data']); + if(strpos($y[0]['data'],'store') === false) + $f = 'store/' . $channel_address . '/' . $y[0]['data']; + else + $f = $y[0]['data']; + + if(is_dir($f)) + @rmdir($f); elseif(file_exists($f)) unlink($f); } |