From 7313f1b72659777e0c08d089293433109940d788 Mon Sep 17 00:00:00 2001
From: Horus3
Date: Tue, 18 Mar 2014 01:08:43 +0100
Subject: Checks if new folder name contains a "/".

---
 www/constants.php             | 4 +++-
 www/functions/func_folder.php | 6 +++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/www/constants.php b/www/constants.php
index 9245821..9595cc3 100644
--- a/www/constants.php
+++ b/www/constants.php
@@ -40,8 +40,10 @@ define("UPLOAD_SUCCESS", 29);
 define("UPLOAD_DATABASE", 30);
 define("UPLOAD_LOGIN", 31);
 define("UPLOAD_UPLOAD", 32);
-define("UPLOAD_PARENTFOLDER", 33); // cur. tested if integer. Later should be if owner and uploader the same person
+define("UPLOAD_PARENTFOLDER", 33); 	// cur. tested if integer. Later should be if owner and uploader the same person
 define("UPLOAD_QUOTA", 34);
 define("UPLOAD_FILE_HANDLING", 35);
 define("UPLOAD_MOVING", 36);
 define("UPLOAD_DUPLICATE", 37);
+
+define("MKDIR_SLASH_IN_FOLDER_NAME", 38);	//check TODO
diff --git a/www/functions/func_folder.php b/www/functions/func_folder.php
index 537e106..cd60852 100644
--- a/www/functions/func_folder.php
+++ b/www/functions/func_folder.php
@@ -17,7 +17,11 @@ function create_folder($path, $new_folder_name, $share){
 		return MKDIR_OWNER;
 	}
 
-//	echo "path: ".$path." file_id: ".$file_id." userid: ".$_SESSION['userid']." new_folder_name: ".$new_folder_name." share: ".$share."<br>"; exit;
+	//TODO: Cut trailing or leading slash
+	//TODO: Maye create two folders instead of returning an error?
+	if(preg_match("/\//", $new_folder_name)){
+		return MKDIR_SLASH_IN_FOLDER_NAME;
+	}
 
 	$dupl_db = $db->query("SELECT parent FROM files WHERE name='" . SQLite3::escapeString($new_folder_name) . "';");
 	while($dupl_ar = $dupl_db->fetchArray(SQLITE3_NUM)){
-- 
cgit v1.2.3