Checks if new folder name contains a "/".

2 files changed, 8 insertions, 2 deletions

diff --git a/www/constants.php b/www/constants.php
index 9245821..9595cc3 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -40,8 +40,10 @@ define("UPLOAD_SUCCESS", 29);
 define("UPLOAD_DATABASE", 30);
 define("UPLOAD_LOGIN", 31);
 define("UPLOAD_UPLOAD", 32);
-define("UPLOAD_PARENTFOLDER", 33); // cur. tested if integer. Later should be if owner and uploader the same person
+define("UPLOAD_PARENTFOLDER", 33); 	// cur. tested if integer. Later should be if owner and uploader the same person
 define("UPLOAD_QUOTA", 34);
 define("UPLOAD_FILE_HANDLING", 35);
 define("UPLOAD_MOVING", 36);
 define("UPLOAD_DUPLICATE", 37);
+
+define("MKDIR_SLASH_IN_FOLDER_NAME", 38);	//check TODO
diff --git a/www/functions/func_folder.php b/www/functions/func_folder.php
index 537e106..cd60852 100644
--- a/www/functions/func_folder.php
+++ b/www/functions/func_folder.php
@@ -17,7 +17,11 @@ function create_folder($path, $new_folder_name, $share){
 		return MKDIR_OWNER;
 	}
 
-//	echo "path: ".$path." file_id: ".$file_id." userid: ".$_SESSION['userid']." new_folder_name: ".$new_folder_name." share: ".$share."<br>"; exit;
+	//TODO: Cut trailing or leading slash
+	//TODO: Maye create two folders instead of returning an error?
+	if(preg_match("/\//", $new_folder_name)){
+		return MKDIR_SLASH_IN_FOLDER_NAME;
+	}
 
 	$dupl_db = $db->query("SELECT parent FROM files WHERE name='" . SQLite3::escapeString($new_folder_name) . "';");
 	while($dupl_ar = $dupl_db->fetchArray(SQLITE3_NUM)){