mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make sure we don't scan files that can not be accessed 

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2016-11-02 09:23:01 +01:00 committed by Roeland Jago Douma
parent ba9b17c906
commit 4652d203e3
No known key found for this signature in database
GPG Key ID: F941078878347C0C
2 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
lib/private/Files/Cache/Scanner.php
View File

@ -132,6 +132,24 @@ class Scanner extends BasicEmitter implements IScanner {
*/ */
public function scanFile($file, $reuseExisting = 0, $parentId = -1, $cacheData = null, $lock = true) { public function scanFile($file, $reuseExisting = 0, $parentId = -1, $cacheData = null, $lock = true) {
if (!\OC::$server->getDatabaseConnection()->supports4ByteText()) {
// verify database - e.g. mysql only 3-byte chars
if (preg_match('%(?:
\xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3
| [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15
| \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16
)%xs', $file)) {
// 4-byte characters are not supported in file names
return null;
}
}
try {
$this->storage->verifyPath(dirname($file), basename($file));
} catch (\Exception $e) {
return null;
}
// only proceed if $file is not a partial file nor a blacklisted file // only proceed if $file is not a partial file nor a blacklisted file
if (!self::isPartialFile($file) and !Filesystem::isFileBlacklisted($file)) { if (!self::isPartialFile($file) and !Filesystem::isFileBlacklisted($file)) {
@ -167,6 +185,9 @@ class Scanner extends BasicEmitter implements IScanner {
// scan the parent if it's not in the cache (id -1) and the current file is not the root folder // scan the parent if it's not in the cache (id -1) and the current file is not the root folder
if ($file and $parentId === -1) { if ($file and $parentId === -1) {
$parentData = $this->scanFile($parent); $parentData = $this->scanFile($parent);
if (!$parentData) {
return null;
}
$parentId = $parentData['fileid']; $parentId = $parentData['fileid'];
} }
if ($parent) { if ($parent) {

26
tests/lib/Files/Cache/ScannerTest.php
View File

@ -70,6 +70,32 @@ class ScannerTest extends \Test\TestCase {
$this->assertEquals($cachedData['mimetype'], 'image/png'); $this->assertEquals($cachedData['mimetype'], 'image/png');
} }
function testFile4Byte() {
$data = "dummy file data\n";
$this->storage->file_put_contents('foo🙈.txt', $data);
if (\OC::$server->getDatabaseConnection()->supports4ByteText()) {
$this->assertNotNull($this->scanner->scanFile('foo🙈.txt'));
$this->assertTrue($this->cache->inCache('foo🙈.txt'), true);
$cachedData = $this->cache->get('foo🙈.txt');
$this->assertEquals(strlen($data), $cachedData['size']);
$this->assertEquals('text/plain', $cachedData['mimetype']);
$this->assertNotEquals(-1, $cachedData['parent']); //parent folders should be scanned automatically
} else {
$this->assertNull($this->scanner->scanFile('foo🙈.txt'));
$this->assertFalse($this->cache->inCache('foo🙈.txt'), true);
}
}
function testFileInvalidChars() {
$data = "dummy file data\n";
$this->storage->file_put_contents("foo\nbar.txt", $data);
$this->assertNull($this->scanner->scanFile("foo\nbar.txt"));
$this->assertFalse($this->cache->inCache("foo\nbar.txt"), true);
}
private function fillTestFolders() { private function fillTestFolders() {
$textData = "dummy file data\n"; $textData = "dummy file data\n";
$imgData = file_get_contents(\OC::$SERVERROOT . '/core/img/logo.png'); $imgData = file_get_contents(\OC::$SERVERROOT . '/core/img/logo.png');