From 5c9998179fa236a4863b467d0aff56fc9f67cceb Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Thu, 26 Mar 2015 12:15:02 +0100 Subject: [PATCH 1/3] Properly quote file names in listFiles query for GDrive --- apps/files_external/lib/google.php | 2 +- tests/lib/files/storage/storage.php | 34 +++++++++++++++-------------- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/apps/files_external/lib/google.php b/apps/files_external/lib/google.php index 291f9364dd..860a775c5e 100644 --- a/apps/files_external/lib/google.php +++ b/apps/files_external/lib/google.php @@ -113,7 +113,7 @@ class Google extends \OC\Files\Storage\Common { if (isset($this->driveFiles[$path])) { $parentId = $this->driveFiles[$path]->getId(); } else { - $q = "title='".$name."' and '".$parentId."' in parents and trashed = false"; + $q = "title='".rawurlencode($name)."' and '".$parentId."' in parents and trashed = false"; $result = $this->service->files->listFiles(array('q' => $q))->getItems(); if (!empty($result)) { // Google Drive allows files with the same name, ownCloud doesn't diff --git a/tests/lib/files/storage/storage.php b/tests/lib/files/storage/storage.php index 30f403d60d..ad7522f1ea 100644 --- a/tests/lib/files/storage/storage.php +++ b/tests/lib/files/storage/storage.php @@ -104,13 +104,14 @@ abstract class Storage extends \Test\TestCase { } public function directoryProvider() { - return array( - array('folder'), - array(' folder'), - array('folder '), - array('folder with space'), - array('spéciäl földer'), - ); + return [ + ['folder'], + [' folder'], + ['folder '], + ['folder with space'], + ['spéciäl földer'], + ['test single\'quote'], + ]; } function loremFileProvider() { @@ -163,15 +164,16 @@ abstract class Storage extends \Test\TestCase { public function copyAndMoveProvider() { - return array( - array('/source.txt', '/target.txt'), - array('/source.txt', '/target with space.txt'), - array('/source with space.txt', '/target.txt'), - array('/source with space.txt', '/target with space.txt'), - array('/source.txt', '/tärgét.txt'), - array('/sòurcē.txt', '/target.txt'), - array('/sòurcē.txt', '/tärgét.txt'), - ); + return [ + ['/source.txt', '/target.txt'], + ['/source.txt', '/target with space.txt'], + ['/source with space.txt', '/target.txt'], + ['/source with space.txt', '/target with space.txt'], + ['/source.txt', '/tärgét.txt'], + ['/sòurcē.txt', '/target.txt'], + ['/sòurcē.txt', '/tärgét.txt'], + ['/single \' quote.txt', '/tar\'get.txt'], + ]; } public function initSourceAndTarget ($source, $target = null) { From 7036309e22f8b9abbbcf63a2f33d5e39bb344ee6 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Thu, 26 Mar 2015 13:57:28 +0100 Subject: [PATCH 2/3] Added rawurlencode for other params in GDrive storage --- apps/files_external/lib/google.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/files_external/lib/google.php b/apps/files_external/lib/google.php index 860a775c5e..b9d3666f95 100644 --- a/apps/files_external/lib/google.php +++ b/apps/files_external/lib/google.php @@ -113,7 +113,7 @@ class Google extends \OC\Files\Storage\Common { if (isset($this->driveFiles[$path])) { $parentId = $this->driveFiles[$path]->getId(); } else { - $q = "title='".rawurlencode($name)."' and '".$parentId."' in parents and trashed = false"; + $q = "title='" . rawurlencode($name) . "' and '" . rawurlencode($parentId) . "' in parents and trashed = false"; $result = $this->service->files->listFiles(array('q' => $q))->getItems(); if (!empty($result)) { // Google Drive allows files with the same name, ownCloud doesn't @@ -257,7 +257,7 @@ class Google extends \OC\Files\Storage\Common { if ($pageToken !== true) { $params['pageToken'] = $pageToken; } - $params['q'] = "'".$folder->getId()."' in parents and trashed = false"; + $params['q'] = "'" . rawurlencode($folder->getId()) . "' in parents and trashed = false"; $children = $this->service->files->listFiles($params); foreach ($children->getItems() as $child) { $name = $child->getTitle(); From c052ee75844bbd947e7466eda1f1dcda1ed43950 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 31 Mar 2015 15:30:49 +0200 Subject: [PATCH 3/3] Only escape single quotes --- apps/files_external/lib/google.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/files_external/lib/google.php b/apps/files_external/lib/google.php index b9d3666f95..541113fb53 100644 --- a/apps/files_external/lib/google.php +++ b/apps/files_external/lib/google.php @@ -113,7 +113,7 @@ class Google extends \OC\Files\Storage\Common { if (isset($this->driveFiles[$path])) { $parentId = $this->driveFiles[$path]->getId(); } else { - $q = "title='" . rawurlencode($name) . "' and '" . rawurlencode($parentId) . "' in parents and trashed = false"; + $q = "title='" . str_replace("'","\\'", $name) . "' and '" . str_replace("'","\\'", $parentId) . "' in parents and trashed = false"; $result = $this->service->files->listFiles(array('q' => $q))->getItems(); if (!empty($result)) { // Google Drive allows files with the same name, ownCloud doesn't @@ -257,7 +257,7 @@ class Google extends \OC\Files\Storage\Common { if ($pageToken !== true) { $params['pageToken'] = $pageToken; } - $params['q'] = "'" . rawurlencode($folder->getId()) . "' in parents and trashed = false"; + $params['q'] = "'" . str_replace("'","\\'", $folder->getId()) . "' in parents and trashed = false"; $children = $this->service->files->listFiles($params); foreach ($children->getItems() as $child) { $name = $child->getTitle();