mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #277 from nextcloud/traversal-directory-js 

[stable9] Do not allow directory traversal using "../" in JS file list
This commit is contained in:
Björn Schießle 2016-07-01 18:00:25 +02:00 committed by GitHub
parent 756b0c05b6 dea8e29289
commit 12796500e0
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/files/js/filelist.js
View File

@ -1333,7 +1333,7 @@
* @param changeUrl true to also update the URL, false otherwise (default)
*/
_setCurrentDir: function(targetDir, changeUrl) {
targetDir = targetDir.replace(/\\/g, '/');
targetDir = targetDir.replace(/\\/g, '/').replace(/\/\.\.\//g, '/');
var previousDir = this.getCurrentDirectory(),
baseDir = OC.basename(targetDir);
@ -1469,7 +1469,7 @@
return false;
}
if (status === 404) {
if (status === 404 || status === 405) {
// go back home
this.changeDirectory('/');
return false;

13
apps/files/tests/js/filelistSpec.js
View File

@ -1323,11 +1323,24 @@ describe('OCA.Files.FileList tests', function() {
fileList.changeDirectory('/another\\subdir');
expect(fileList.getCurrentDirectory()).toEqual('/another/subdir');
});
it('converts backslashes to slashes and removes traversals when calling changeDirectory()', function() {
fileList.changeDirectory('/another\\subdir/../foo\\../bar\\..\\file/..\\folder/../');
expect(fileList.getCurrentDirectory()).toEqual('/another/subdir/foo/bar/file/folder/');
});
it('does not convert folders with a ".." in the name', function() {
fileList.changeDirectory('/abc../def');
expect(fileList.getCurrentDirectory()).toEqual('/abc../def');
});
it('switches to root dir when current directory does not exist', function() {
fileList.changeDirectory('/unexist');
deferredList.reject(404);
expect(fileList.getCurrentDirectory()).toEqual('/');
});
it('switches to root dir when current directory returns 405', function() {
fileList.changeDirectory('/unexist');
deferredList.reject(405);
expect(fileList.getCurrentDirectory()).toEqual('/');
});
it('switches to root dir when current directory is forbidden', function() {
fileList.changeDirectory('/unexist');
deferredList.reject(403);