From ef9b5c940a6f9b39b3e9772f55f2ee96e3fc3867 Mon Sep 17 00:00:00 2001
From: Marco Dickert
Date: Mon, 24 Jul 2017 16:59:00 +0200
Subject: [PATCH] spread the isFilenameValid function
---
 src/main.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/main.php b/src/main.php
index 25ffef2..39732ad 100644
--- a/src/main.php
+++ b/src/main.php
@@ -377,7 +377,8 @@ f00bar;
 }
 if( $dn == "" ) {
 echo json_encode( array( "status" => "ERROR", "message" => "No valid directory name") );
- } elseif( strpos( $dn, '/' ) !== false ) echo json_encode( array( "status" => "ERROR", "message" => "No slashes allowed in directory names" ) );
+ } elseif( ! $this->isFilenameValid( $dn ) )
+ echo json_encode( array( "status" => "ERROR", "message" => "No slashes allowed in directory names" ) );
 else {
 $this->chDirIfNecessary( $w );
 if( @mkdir( $dn ) ) {
@@ -502,7 +503,7 @@ f00bar;
 private function renameFile( array $d ) {
 if( $this->config['rename'] != 1 ) {
 echo json_encode( array( "status" => "ERROR", "message" => "No permission to rename files" ) );
- } elseif( $d['filename'] == ".." ) {
+ } elseif( ! $this->isFilenameValid( $d['filename'] ) ) {
 echo json_encode( array( "status" => "ERROR", "message" => "No valid file name given" ) );
 } else {
 $this->chDirIfNecessary( $d['dir'] );
@@ -649,8 +650,8 @@ f00bar;
 $this->chDirIfNecessary( $d['dir'] );
 if( ! file_exists( $d['filename'] ) )
 echo json_encode( array( "status" => "ERROR", "message" => "Directory not found" ) );
- elseif ( ! $this->allowedFileName( $d['filename'] ) )
- echo json_encode( array( "status" => "ERROR", "message" => "Filename not allowed" ) );
+ elseif ( ! $this->isFilenameValid( $d['filename'] ) )
+ echo json_encode( array( "status" => "ERROR", "message" => "Filename not valid" ) );
 else {
 unset( $zip );
 $dfile = $this->pathCombine( $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
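Review bot: The directory-name guard in the `@@ -377` hunk now depends entirely on `isFilenameValid( $dn )`, and the part of that helper visible in the `@@ -989` hunk shows only the config-dependent `.ht` and leading-dot tests; the rest of it is outside this diff, so whether it still rejects `/` cannot be confirmed from here. The same applies to renameFile in the `@@ -502` hunk, where the explicit `== ".."` test is dropped and `..` would pass the visible checks when `showhiddenfiles` is 1. If the helper does not already do so, it should reject separators and dot entries unconditionally, e.g. `if( strpbrk( $f, '/\\' ) !== false || $f == '.' || $f == '..' ) return false;`. The message in this branch still reads "No slashes allowed in directory names" although the helper also refuses hidden names; "No valid directory name" would match what is actually checked. The enclosing function starts and ends outside the hunk.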
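Review bot: Only the source name `$d['filename']` is checked in the new `elseif` of renameFile; the destination name is used after the hunk ends and is not visible here. Confirm that it passes through `isFilenameValid()` too, otherwise the rename target can still carry a path separator or a `.ht`/dot prefix that the config is meant to exclude. A one-line comment above the branch such as `// both the old and the new name must pass isFilenameValid()` would make the intended contract explicit.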
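Review bot: In the `@@ -649` hunk the `file_exists()` test runs before the name check, so a request naming a hidden or `.ht*` entry is answered with "Directory not found" or "Filename not valid" depending on whether the entry exists, which discloses the presence of names the config is supposed to hide. Validate first and probe the filesystem second: make `if( ! $this->isFilenameValid( $d['filename'] ) )` the first branch and `elseif( ! file_exists( $d['filename'] ) )` the second. The enclosing function starts and ends outside the hunk.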
@@ -685,8 +686,8 @@ f00bar;
 $this->chDirIfNecessary( $d['dir'] );
 $ch = curl_init( );
 if( $ch ) {
- if( $this->allowedFileName( $filename ) == false )
- echo json_encode( array( "status" => "ERROR", "message" => "This filename is not allowed due to the config." ) );
+ if( $this->isFilenameValid( $filename ) == false )
+ echo json_encode( array( "status" => "ERROR", "message" => "This filename is not valid." ) );
 elseif( filter_var( $d['url'], FILTER_VALIDATE_URL ) === false )
 echo json_encode( array( "status" => "ERROR", "message" => "The passed URL is not valid" ) );
 else {
@@ -989,7 +990,7 @@ f00bar;
 }
 // check if filename is allowed
- private function allowedFileName( $f ) {
+ private function isFilenameValid( $f ) {
 if( $this->config['showhtdocs'] != 1 && substr( $f, 0, 3 ) == ".ht" )
 return false;
 elseif( $this->config['showhiddenfiles'] != 1 && substr( $f, 0, 1 ) == "." )
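Review bot: `FILTER_VALIDATE_URL` in the `@@ -685` hunk checks syntax only and limits neither the scheme nor the target host, so nothing visible here constrains the URL that `$d['url']` hands to curl; the curl options are set after the hunk ends, so this may already be handled there. If it is not, restrict the transfer to web schemes before executing it, e.g. `curl_setopt( $ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS );`, and apply the same mask with `CURLOPT_REDIR_PROTOCOLS` if redirects are followed. Minor: `isFilenameValid( $filename ) == false` is written as `! $this->isFilenameValid( … )` in the other hunks of this commit, and using that form here would keep the checks uniform.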