Index: branches/5.2.x/core/ckeditor/ckfinder/core/connector/php/php5/Utils/FileSystem.php
===================================================================
diff -u -N -r15042 -r15316
--- branches/5.2.x/core/ckeditor/ckfinder/core/connector/php/php5/Utils/FileSystem.php (.../FileSystem.php) (revision 15042)
+++ branches/5.2.x/core/ckeditor/ckfinder/core/connector/php/php5/Utils/FileSystem.php (.../FileSystem.php) (revision 15316)
@@ -3,7 +3,7 @@
 * CKFinder
 * ========
 * http://ckfinder.com
- * Copyright (C) 2007-2011, CKSource - Frederico Knabben. All rights reserved.
+ * Copyright (C) 2007-2012, CKSource - Frederico Knabben. All rights reserved.
 *
 * The software, this file and its contents are subject to the CKFinder
 * License. Please read the license.txt file before using, installing, copying,
@@ -79,6 +79,8 @@
 */
 public static function checkFileName($fileName)
 {
+ $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
+
 if (is_null($fileName) || !strlen($fileName) || substr($fileName,-1,1)=="." || false!==strpos($fileName, "..")) {
 return false;
 }
@@ -87,10 +89,37 @@
 return false;
 }
 
+ if ($_config->getDisallowUnsafeCharacters()) {
+ if (strpos($fileName, ";") !== false) {
+ return false;
+ }
+ }
+
 return true;
 }
 
 /**
+ * Check whether $folderName is a valid folder name, return true on success
+ *
+ * @static
+ * @access public
+ * @param string $folderName
+ * @return boolean
+ */
+ public static function checkFolderName($folderName)
+ {
+ $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
+
+ if ($_config->getDisallowUnsafeCharacters()) {
+ if (strpos($folderName, ".") !== false) {
+ return false;
+ }
+ }
+
+ return CKFinder_Connector_Utils_FileSystem::checkFileName($folderName);
+ }
+
+ /**
 * Unlink file/folder
 *
 * @static
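Review bot: The `=&` reference assignment on the new `$_config` line at the top of checkFileName is redundant under PHP 5 object-handle semantics, and unless `getInstance` is declared to return by reference it will raise an E_STRICT "Only variables should be assigned by reference" notice on every filename check. A plain `$_config = CKFinder_Connector_Core_Factory::getInstance("Core_Config");` is sufficient; the same pattern is repeated in the new checkFolderName later in this diff. The config lookup is also performed before the null/empty early return that follows, which is harmless but does work that is discarded on the reject path. The body of checkFileName continues past this hunk.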
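Review bot: Both new rejections in this hunk — `;` in a file name and any `.` in a folder name — apply only when `getDisallowUnsafeCharacters()` is true, so with the setting off checkFolderName accepts a name such as `images.php`, because the delegated checkFileName rejects only an empty name, a trailing dot and `..` in the lines visible here (the check between old lines 85–87 is outside the hunk). Neither the new checkFolderName docblock nor checkFileName says this, and an operator reading the method names would reasonably assume the protection is unconditional; I would add to the checkFolderName docblock `* Rejects any "." in the name only when DisallowUnsafeCharacters is enabled; otherwise only the checkFileName rules apply.` and a similar one-line note above the `;` check in checkFileName. Whether every folder-creating and renaming code path is routed through checkFolderName rather than checkFileName cannot be seen from this diff and is worth confirming, since the `.` rule lives only in the new method.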