diff --git a/core/src/plugins/access.fs/FsAccessDriver.php b/core/src/plugins/access.fs/FsAccessDriver.php index b31934392e..1a18627a06 100644 --- a/core/src/plugins/access.fs/FsAccessDriver.php +++ b/core/src/plugins/access.fs/FsAccessDriver.php @@ -1113,7 +1113,8 @@ public function switchAction(ServerRequestInterface &$request, ResponseInterface $destNode = $selection->nodeForPath($dest); $this->filterUserSelectionToHidden($ctx, [$destNode->getLabel()]); }else if(isSet($httpVars["filename_new"])){ - $filename_new = InputFilter::decodeSecureMagic($httpVars["filename_new"]); + $filename_new = InputFilter::decodeSecureMagic($httpVars["filename_new"], InputFilter::SANITIZE_FILENAME); + $filename_new = rtrim($filename_new); $this->filterUserSelectionToHidden($ctx, [$filename_new]); } $renamedNode = $this->rename($originalNode, $destNode, $filename_new); @@ -1148,6 +1149,7 @@ public function switchAction(ServerRequestInterface &$request, ResponseInterface $parentDir = PathUtils::forwardSlashDirname($newDirPath); $basename = PathUtils::forwardSlashBasename($newDirPath); $basename = substr($basename, 0, $max_length); + $basename = rtrim($basename); $this->filterUserSelectionToHidden($ctx, [$basename]); $parentNode = $selection->nodeForPath($parentDir); try{ @@ -2545,4 +2547,4 @@ public function makeSharedRepositoryOptions(ContextInterface $ctx, $httpVars) } -} \ No newline at end of file +}