Merge pull request #4526 from nextcloud/downstream-27269

Don`t allow upload of files with extension .part
2017-04-26 18:21:13 -03:00 · 2017-04-26 18:21:13 -03:00 · 4a9cb81486
parent aad0794500 1c771c097a
commit 4a9cb81486
2 changed files with 48 additions and 32 deletions
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@ -1388,6 +1388,12 @@ class OC_Util {
 		if (\OC\Files\Filesystem::isIgnoredDir($trimmed)) {
 			return false;
 		}
+
+		// detect part files
+		if (preg_match('/' . \OCP\Files\FileInfo::BLACKLIST_FILES_REGEX . '/', $trimmed) !== 0) {
+			return false;
+		}
+
 		foreach (str_split($trimmed) as $char) {
 			if (strpos(\OCP\Constants::FILENAME_INVALID_CHARS, $char) !== false) {
 				return false;
--- a/tests/lib/UtilTest.php
+++ b/tests/lib/UtilTest.php
@ -204,41 +204,51 @@ class UtilTest extends \Test\TestCase {
 	}

 	public function filenameValidationProvider() {
-		return array(
+		return [
 			// valid names
-			array('boringname', true),
-			array('something.with.extension', true),
-			array('now with spaces', true),
-			array('.a', true),
-			array('..a', true),
-			array('.dotfile', true),
-			array('single\'quote', true),
-			array('  spaces before', true),
-			array('spaces after   ', true),
-			array('allowed chars including the crazy ones $%&_-^@!,()[]{}=;#', true),
-			array('汉字也能用', true),
-			array('und Ümläüte sind auch willkommen', true),
+			['boringname', true],
+			['something.with.extension', true],
+			['now with spaces', true],
+			['.a', true],
+			['..a', true],
+			['.dotfile', true],
+			['single\'quote', true],
+			['  spaces before', true],
+			['spaces after   ', true],
+			['allowed chars including the crazy ones $%&_-^@!,()[]{}=;#', true],
+			['汉字也能用', true],
+			['und Ümläüte sind auch willkommen', true],
 			// disallowed names
-			array('', false),
-			array('     ', false),
-			array('.', false),
-			array('..', false),
-			array('back\\slash', false),
-			array('sl/ash', false),
-			array('lt<lt', true),
-			array('gt>gt', true),
-			array('col:on', true),
-			array('double"quote', true),
-			array('pi|pe', true),
-			array('dont?ask?questions?', true),
-			array('super*star', true),
-			array('new\nline', false),
+			['', false],
+			['     ', false],
+			['.', false],
+			['..', false],
+			['back\\slash', false],
+			['sl/ash', false],
+			['lt<lt', true],
+			['gt>gt', true],
+			['col:on', true],
+			['double"quote', true],
+			['pi|pe', true],
+			['dont?ask?questions?', true],
+			['super*star', true],
+			['new\nline', false],
+
 			// better disallow these to avoid unexpected trimming to have side effects
-			array(' ..', false),
-			array('.. ', false),
-			array('. ', false),
-			array(' .', false),
-		);
+			[' ..', false],
+			['.. ', false],
+			['. ', false],
+			[' .', false],
+
+			// part files not allowed
+			['.part', false],
+			['notallowed.part', false],
+			['neither.filepart', false],
+
+			// part in the middle is ok
+			['super movie part one.mkv', true],
+			['super.movie.part.mkv', true],
+		];
 	}

 	/**