server/apps/files/ajax/newfolder.php
Lukas Reschke a7df23ceba Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support 🙈

Fixes https://github.com/owncloud/core/issues/14196 for core
2015-02-13 13:33:20 +01:00

65 lines
1.7 KiB
PHP

<?php
// Init owncloud
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
\OC::$server->getSession()->close();
// Get the params
$dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
$foldername = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
$l10n = \OC::$server->getL10N('files');
$result = array(
'success' => false,
'data' => NULL
);
if(trim($foldername) === '') {
$result['data'] = array('message' => $l10n->t('Folder name cannot be empty.'));
OCP\JSON::error($result);
exit();
}
if(!OCP\Util::isValidFileName($foldername)) {
$result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
OCP\JSON::error($result);
exit();
}
if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
$result['data'] = array('message' => (string)$l10n->t(
'The target folder has been moved or deleted.'),
'code' => 'targetnotfound'
);
OCP\JSON::error($result);
exit();
}
$target = $dir . '/' . $foldername;
if (\OC\Files\Filesystem::file_exists($target)) {
$result['data'] = array('message' => $l10n->t(
'The name %s is already used in the folder %s. Please choose a different name.',
array($foldername, $dir))
);
OCP\JSON::error($result);
exit();
}
if(\OC\Files\Filesystem::mkdir($target)) {
if ( $dir !== '/') {
$path = $dir.'/'.$foldername;
} else {
$path = '/'.$foldername;
}
$meta = \OC\Files\Filesystem::getFileInfo($path);
$meta['type'] = 'dir'; // missing ?!
OCP\JSON::success(array('data' => \OCA\Files\Helper::formatFileInfo($meta)));
exit();
}
OCP\JSON::error(array('data' => array( 'message' => $l10n->t('Error when creating the folder') )));