From 1a05220aa31ebe8f9322c040190357bbf1c5f3eb Mon Sep 17 00:00:00 2001 From: Varun Patil Date: Thu, 19 Oct 2023 18:51:54 -0700 Subject: [PATCH] folders: sanitize the path Signed-off-by: Varun Patil --- lib/Controller/FoldersController.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/Controller/FoldersController.php b/lib/Controller/FoldersController.php index b5bf0bc0..1b943b85 100644 --- a/lib/Controller/FoldersController.php +++ b/lib/Controller/FoldersController.php @@ -19,10 +19,15 @@ class FoldersController extends GenericApiController public function sub(string $folder): Http\Response { return Util::guardEx(function () use ($folder) { + $folder = Util::sanitizePath($folder); + if (null === $folder) { + throw Exceptions::BadRequest('Invalid parameter folder'); + } + try { $node = Util::getUserFolder()->get($folder); } catch (\OCP\Files\NotFoundException) { - throw Exceptions::NotFound('Folder not found'); + throw Exceptions::NotFound("Folder not found: {$folder}"); } if (!$node instanceof Folder) {