From 4652d203e37d06b427872888ccb17227c1e0818b Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Wed, 2 Nov 2016 09:23:01 +0100
Subject: [PATCH] Make sure we don't scan files that can not be accessed

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/private/Files/Cache/Scanner.php   | 21 +++++++++++++++++++++
 tests/lib/Files/Cache/ScannerTest.php | 26 ++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)

diff --git a/lib/private/Files/Cache/Scanner.php b/lib/private/Files/Cache/Scanner.php
index 28f7be0b65..237934db7a 100644
--- a/lib/private/Files/Cache/Scanner.php
+++ b/lib/private/Files/Cache/Scanner.php
@@ -132,6 +132,24 @@ class Scanner extends BasicEmitter implements IScanner {
 	 */
 	public function scanFile($file, $reuseExisting = 0, $parentId = -1, $cacheData = null, $lock = true) {
 
+		if (!\OC::$server->getDatabaseConnection()->supports4ByteText()) {
+			// verify database - e.g. mysql only 3-byte chars
+			if (preg_match('%(?:
+      \xF0[\x90-\xBF][\x80-\xBF]{2}      # planes 1-3
+    | [\xF1-\xF3][\x80-\xBF]{3}          # planes 4-15
+    | \xF4[\x80-\x8F][\x80-\xBF]{2}      # plane 16
+)%xs', $file)) {
+				// 4-byte characters are not supported in file names
+				return null;
+			}
+		}
+
+		try {
+			$this->storage->verifyPath(dirname($file), basename($file));
+		} catch (\Exception $e) {
+			return null;
+		}
+
 		// only proceed if $file is not a partial file nor a blacklisted file
 		if (!self::isPartialFile($file) and !Filesystem::isFileBlacklisted($file)) {
 
@@ -167,6 +185,9 @@ class Scanner extends BasicEmitter implements IScanner {
 				// scan the parent if it's not in the cache (id -1) and the current file is not the root folder
 				if ($file and $parentId === -1) {
 					$parentData = $this->scanFile($parent);
+					if (!$parentData) {
+						return null;
+					}
 					$parentId = $parentData['fileid'];
 				}
 				if ($parent) {
diff --git a/tests/lib/Files/Cache/ScannerTest.php b/tests/lib/Files/Cache/ScannerTest.php
index b44b6f5d0f..075716f803 100644
--- a/tests/lib/Files/Cache/ScannerTest.php
+++ b/tests/lib/Files/Cache/ScannerTest.php
@@ -70,6 +70,32 @@ class ScannerTest extends \Test\TestCase {
 		$this->assertEquals($cachedData['mimetype'], 'image/png');
 	}
 
+	function testFile4Byte() {
+		$data = "dummy file data\n";
+		$this->storage->file_put_contents('foo🙈.txt', $data);
+
+		if (\OC::$server->getDatabaseConnection()->supports4ByteText()) {
+			$this->assertNotNull($this->scanner->scanFile('foo🙈.txt'));
+			$this->assertTrue($this->cache->inCache('foo🙈.txt'), true);
+
+			$cachedData = $this->cache->get('foo🙈.txt');
+			$this->assertEquals(strlen($data), $cachedData['size']);
+			$this->assertEquals('text/plain', $cachedData['mimetype']);
+			$this->assertNotEquals(-1, $cachedData['parent']); //parent folders should be scanned automatically
+		} else {
+			$this->assertNull($this->scanner->scanFile('foo🙈.txt'));
+			$this->assertFalse($this->cache->inCache('foo🙈.txt'), true);
+		}
+	}
+
+	function testFileInvalidChars() {
+		$data = "dummy file data\n";
+		$this->storage->file_put_contents("foo\nbar.txt", $data);
+
+		$this->assertNull($this->scanner->scanFile("foo\nbar.txt"));
+		$this->assertFalse($this->cache->inCache("foo\nbar.txt"), true);
+	}
+
 	private function fillTestFolders() {
 		$textData = "dummy file data\n";
 		$imgData = file_get_contents(\OC::$SERVERROOT . '/core/img/logo.png');