adding storage specific filename verification - refs #13640

apps/files/ajax/newfile.php

@@ -10,7 +10,7 @@ global $eventSource;
 
 // Get the params
 $dir = isset( $_REQUEST['dir'] ) ? '/'.trim((string)$_REQUEST['dir'], '/\\') : '';
-$filename = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
+$fileName = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
 
 $l10n = \OC::$server->getL10N('files');
 
@@ -18,23 +18,14 @@ $result = array(
 	'success' 	=> false,
 	'data'		=> NULL
 );
-$trimmedFileName = trim($filename);
 
-if($trimmedFileName === '') {
-	$result['data'] = array('message' => (string)$l10n->t('File name cannot be empty.'));
+try {
+	\OC\Files\Filesystem::getView()->verifyPath($dir, $fileName);
+} catch (\OCP\Files\InvalidPathException $ex) {
+	$result['data'] = [
+		'message' => $ex->getMessage()];
 	OCP\JSON::error($result);
-	exit();
-}
-if($trimmedFileName === '.' || $trimmedFileName === '..') {
-	$result['data'] = array('message' => (string)$l10n->t('"%s" is an invalid file name.', $trimmedFileName));
-	OCP\JSON::error($result);
-	exit();
-}
-
-if(!OCP\Util::isValidFileName($filename)) {
-	$result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
-	OCP\JSON::error($result);
-	exit();
+	return;
 }
 
 if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
@@ -46,12 +37,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
 	exit();
 }
 
-$target = $dir.'/'.$filename;
+$target = $dir.'/'.$fileName;
 
 if (\OC\Files\Filesystem::file_exists($target)) {
 	$result['data'] = array('message' => (string)$l10n->t(
 			'The name %s is already used in the folder %s. Please choose a different name.',
-			array($filename, $dir))
+			array($fileName, $dir))
 		);
 	OCP\JSON::error($result);
 	exit();

apps/files/ajax/newfolder.php

@@ -9,7 +9,7 @@ OCP\JSON::callCheck();
 
 // Get the params
 $dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
-$foldername = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
+$folderName = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
 
 $l10n = \OC::$server->getL10N('files');
 
@@ -18,16 +18,13 @@ $result = array(
 	'data'		=> NULL
 	);
 
-if(trim($foldername) === '') {
-	$result['data'] = array('message' => $l10n->t('Folder name cannot be empty.'));
+try {
+	\OC\Files\Filesystem::getView()->verifyPath($dir, $folderName);
+} catch (\OCP\Files\InvalidPathException $ex) {
+	$result['data'] = [
+		'message' => $ex->getMessage()];
 	OCP\JSON::error($result);
-	exit();
-}
-
-if(!OCP\Util::isValidFileName($foldername)) {
-	$result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
-	OCP\JSON::error($result);
-	exit();
+	return;
 }
 
 if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
@@ -39,12 +36,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
 	exit();
 }
 
-$target = $dir . '/' . $foldername;
+$target = $dir . '/' . $folderName;
 		
 if (\OC\Files\Filesystem::file_exists($target)) {
 	$result['data'] = array('message' => $l10n->t(
 			'The name %s is already used in the folder %s. Please choose a different name.',
-			array($foldername, $dir))
+			array($folderName, $dir))
 		);
 	OCP\JSON::error($result);
 	exit();
@@ -52,9 +49,9 @@ if (\OC\Files\Filesystem::file_exists($target)) {
 
 if(\OC\Files\Filesystem::mkdir($target)) {
 	if ( $dir !== '/') {
-		$path = $dir.'/'.$foldername;
+		$path = $dir.'/'.$folderName;
 	} else {
-		$path = '/'.$foldername;
+		$path = '/'.$folderName;
 	}
 	$meta = \OC\Files\Filesystem::getFileInfo($path);
 	$meta['type'] = 'dir'; // missing ?!

apps/files/js/files.js

@@ -103,13 +103,13 @@
 				throw t('files', 'File name cannot be empty.');
 			}
 			// check for invalid characters
-			var invalidCharacters =
-				['\\', '/', '<', '>', ':', '"', '|', '?', '*', '\n'];
-			for (var i = 0; i < invalidCharacters.length; i++) {
-				if (trimmedName.indexOf(invalidCharacters[i]) !== -1) {
-					throw t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.");
-				}
-			}
+			//var invalidCharacters =
+			//	['\\', '/', '<', '>', ':', '"', '|', '?', '*', '\n'];
+			//for (var i = 0; i < invalidCharacters.length; i++) {
+			//	if (trimmedName.indexOf(invalidCharacters[i]) !== -1) {
+			//		throw t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.");
+			//	}
+			//}
 			return true;
 		},
 		displayStorageWarnings: function() {

lib/private/connector/sabre/exception/invalidpath.php

@@ -0,0 +1,57 @@
+<?php
+
+/**
+ * Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file. */
+
+class OC_Connector_Sabre_Exception_InvalidPath extends \Sabre\DAV\Exception {
+
+	/**
+	 * @var bool
+	 */
+	private $retry;
+
+	/**
+	 * @param string $message
+	 * @param bool $retry
+	 */
+	public function __construct($message, $retry = false) {
+		parent::__construct($message);
+		$this->retry = $retry;
+	}
+
+	/**
+	 * Returns the HTTP status code for this exception
+	 *
+	 * @return int
+	 */
+	public function getHTTPCode() {
+
+		return 400;
+
+	}
+
+	/**
+	 * This method allows the exception to include additional information into the WebDAV error response
+	 *
+	 * @param \Sabre\DAV\Server $server
+	 * @param \DOMElement $errorNode
+	 * @return void
+	 */
+	public function serialize(\Sabre\DAV\Server $server,\DOMElement $errorNode) {
+
+		// set owncloud namespace
+		$errorNode->setAttribute('xmlns:o', OC_Connector_Sabre_FilesPlugin::NS_OWNCLOUD);
+
+		// adding the retry node
+		$error = $errorNode->ownerDocument->createElementNS('o:','o:retry', var_export($this->retry, true));
+		$errorNode->appendChild($error);
+
+		// adding the message node
+		$error = $errorNode->ownerDocument->createElementNS('o:','o:reason', $this->getMessage());
+		$errorNode->appendChild($error);
+	}
+
+}

lib/private/connector/sabre/file.php

@@ -66,17 +66,15 @@ class File extends \OC\Connector\Sabre\Node implements \Sabre\DAV\IFile {
 			throw new \Sabre\DAV\Exception\ServiceUnavailable("Encryption is disabled");
 		}
 
-		$fileName = basename($this->info->getPath());
-		if (!\OCP\Util::isValidFileName($fileName)) {
-			throw new \Sabre\DAV\Exception\BadRequest();
-		}
+		// verify path of the target
+		$this->verifyPath();
 
 		// chunked handling
 		if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
 			return $this->createFileChunked($data);
 		}
 
-		list($storage,) = $this->fileView->resolvePath($this->path);
+		list($storage) = $this->fileView->resolvePath($this->path);
 		$needsPartFile = $this->needsPartFile($storage) && (strlen($this->path) > 1);
 
 		if ($needsPartFile) {
@@ -329,5 +327,5 @@ class File extends \OC\Connector\Sabre\Node implements \Sabre\DAV\IFile {
 		// and/or add method on Storage called "needsPartFile()"
 		return !$storage->instanceOfStorage('OCA\Files_Sharing\External\Storage') &&
 			!$storage->instanceOfStorage('OC\Files\Storage\OwnCloud');
-	}	
+	}
 }

lib/private/connector/sabre/node.php

@@ -103,9 +103,8 @@ abstract class Node implements \Sabre\DAV\INode {
 		list($parentPath,) = \Sabre\HTTP\URLUtil::splitPath($this->path);
 		list(, $newName) = \Sabre\HTTP\URLUtil::splitPath($name);
 
-		if (!\OCP\Util::isValidFileName($newName)) {
-			throw new \Sabre\DAV\Exception\BadRequest();
-		}
+		// verify path of the target
+		$this->verifyPath();
 
 		$newPath = $parentPath . '/' . $newName;
 
@@ -230,4 +229,13 @@ abstract class Node implements \Sabre\DAV\INode {
 		}
 		return $p;
 	}
+
+	protected function verifyPath() {
+		try {
+			$fileName = basename($this->info->getPath());
+			$this->fileView->verifyPath($this->path, $fileName);
+		} catch (\OCP\Files\InvalidPathException $ex) {
+			throw new OC_Connector_Sabre_Exception_InvalidPath($ex->getMessage());
+		}
+	}
 }

lib/private/connector/sabre/objecttree.php

@@ -11,6 +11,7 @@ namespace OC\Connector\Sabre;
 use OC\Files\FileInfo;
 use OC\Files\Filesystem;
 use OC\Files\Mount\MoveableMount;
+use OC_Connector_Sabre_Exception_InvalidPath;
 use OCP\Files\StorageInvalidException;
 use OCP\Files\StorageNotAvailableException;
 
@@ -185,8 +186,10 @@ class ObjectTree extends \Sabre\DAV\Tree {
 			}
 
 			$fileName = basename($destinationPath);
-			if (!\OCP\Util::isValidFileName($fileName)) {
-				throw new \Sabre\DAV\Exception\BadRequest();
+			try {
+				$this->fileView->verifyPath($destinationDir, $fileName);
+			} catch (\OCP\Files\InvalidPathException $ex) {
+				throw new OC_Connector_Sabre_Exception_InvalidPath($ex->getMessage());
 			}
 
 			$renameOkay = $this->fileView->rename($sourcePath, $destinationPath);

lib/private/files/storage/common.php

@@ -8,8 +8,12 @@
 
 namespace OC\Files\Storage;
 
+use OC\Files\Cache\Cache;
+use OC\Files\Cache\Scanner;
+use OC\Files\Cache\Storage;
 use OC\Files\Filesystem;
 use OC\Files\Cache\Watcher;
+use OCP\Files\InvalidPathException;
 
 /**
  * Storage backend class for providing common filesystem operation methods
@@ -25,7 +29,6 @@ use OC\Files\Cache\Watcher;
 abstract class Common implements \OC\Files\Storage\Storage {
 	protected $cache;
 	protected $scanner;
-	protected $permissioncache;
 	protected $watcher;
 	protected $storageCache;
 
@@ -303,7 +306,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
 			$storage = $this;
 		}
 		if (!isset($this->cache)) {
-			$this->cache = new \OC\Files\Cache\Cache($storage);
+			$this->cache = new Cache($storage);
 		}
 		return $this->cache;
 	}
@@ -313,7 +316,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
 			$storage = $this;
 		}
 		if (!isset($this->scanner)) {
-			$this->scanner = new \OC\Files\Cache\Scanner($storage);
+			$this->scanner = new Scanner($storage);
 		}
 		return $this->scanner;
 	}
@@ -323,7 +326,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
 			$storage = $this;
 		}
 		if (!isset($this->watcher)) {
-			$this->watcher = new \OC\Files\Cache\Watcher($storage);
+			$this->watcher = new Watcher($storage);
 			$this->watcher->setPolicy(\OC::$server->getConfig()->getSystemValue('filesystem_check_changes', Watcher::CHECK_ONCE));
 		}
 		return $this->watcher;
@@ -334,7 +337,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
 			$storage = $this;
 		}
 		if (!isset($this->storageCache)) {
-			$this->storageCache = new \OC\Files\Cache\Storage($storage);
+			$this->storageCache = new Storage($storage);
 		}
 		return $this->storageCache;
 	}
@@ -451,4 +454,58 @@ abstract class Common implements \OC\Files\Storage\Storage {
 		return [];
 	}
 
+	/**
+	 * @inheritdoc
+	 */
+	public function verifyPath($path, $fileName) {
+		// NOTE: $path will remain unverified for now
+		if (\OC_Util::runningOnWindows()) {
+			$this->verifyWindowsPath($fileName);
+		} else {
+			$this->verifyPosixPath($fileName);
+		}
+	}
+
+	/**
+	 * https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx
+	 * @param string $fileName
+	 * @throws InvalidPathException
+	 */
+	private function verifyWindowsPath($fileName) {
+		$fileName = trim($fileName);
+		$this->scanForInvalidCharacters($fileName, "\\/<>:\"|?*");
+		$reservedNames = ['CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9'];
+		if (in_array(strtoupper($fileName), $reservedNames)) {
+				throw new InvalidPathException("File name is a reserved word");
+		}
+	}
+
+	/**
+	 * @param string $fileName
+	 * @throws InvalidPathException
+	 */
+	private function verifyPosixPath($fileName) {
+		$fileName = trim($fileName);
+		$this->scanForInvalidCharacters($fileName, "\\/");
+		$reservedNames = ['*'];
+		if (in_array($fileName, $reservedNames)) {
+			throw new InvalidPathException("File name is a reserved word");
+		}
+	}
+
+	/**
+	 * @param $fileName
+	 * @throws InvalidPathException
+	 */
+	private function scanForInvalidCharacters($fileName, $invalidChars) {
+		foreach (str_split($fileName) as $char) {
+			if (strpos($invalidChars, $char) !== false) {
+				throw new InvalidPathException('File name contains at least one invalid characters');
+			}
+			if (ord($char) >= 0 && ord($char) <= 31) {
+				throw new InvalidPathException('File name contains at least one invalid characters');
+			}
+		}
+	}
+
 }

lib/private/files/storage/wrapper/wrapper.php

@@ -8,6 +8,8 @@
 
 namespace OC\Files\Storage\Wrapper;
 
+use OCP\Files\InvalidPathException;
+
 class Wrapper implements \OC\Files\Storage\Storage {
 	/**
 	 * @var \OC\Files\Storage\Storage $storage
@@ -477,4 +479,14 @@ class Wrapper implements \OC\Files\Storage\Storage {
 	public function getDirectDownload($path) {
 		return $this->storage->getDirectDownload($path);
 	}
+
+	/**
+	 * @param string $path the path of the target folder
+	 * @param string $fileName the name of the file itself
+	 * @return void
+	 * @throws InvalidPathException
+	 */
+	public function verifyPath($path, $fileName) {
+		$this->storage->verifyPath($path, $fileName);
+	}
 }

lib/private/files/view.php

@@ -11,6 +11,7 @@ namespace OC\Files;
 
 use OC\Files\Cache\Updater;
 use OC\Files\Mount\MoveableMount;
+use OCP\Files\InvalidPathException;
 
 /**
  * Class to provide access to ownCloud filesystem via a "view", and methods for
@@ -29,11 +30,10 @@ use OC\Files\Mount\MoveableMount;
  * \OC\Files\Storage\Storage object
  */
 class View {
+	/** @var string */
 	private $fakeRoot = '';
 
-	/**
-	 * @var \OC\Files\Cache\Updater
-	 */
+	/** @var \OC\Files\Cache\Updater */
 	protected $updater;
 
 	/**
@@ -116,7 +116,7 @@ class View {
 	 * get the mountpoint of the storage object for a path
 	 * ( note: because a storage is not always mounted inside the fakeroot, the
 	 * returned mountpoint is relative to the absolute root of the filesystem
-	 * and doesn't take the chroot into account )
+	 * and does not take the chroot into account )
 	 *
 	 * @param string $path
 	 * @return string
@@ -129,7 +129,7 @@ class View {
 	 * get the mountpoint of the storage object for a path
 	 * ( note: because a storage is not always mounted inside the fakeroot, the
 	 * returned mountpoint is relative to the absolute root of the filesystem
-	 * and doesn't take the chroot into account )
+	 * and does not take the chroot into account )
 	 *
 	 * @param string $path
 	 * @return \OCP\Files\Mount\IMountPoint
@@ -1532,7 +1532,32 @@ class View {
 	/**
 	 * @return Updater
 	 */
-	public function getUpdater(){
+	public function getUpdater() {
 		return $this->updater;
 	}
+
+	public function verifyPath($path, $fileName) {
+
+		// verify empty and dot files
+		$trimmed = trim($fileName);
+		if ($trimmed === '') {
+			throw new InvalidPathException('Empty filename is not allowed');
+		}
+		if ($trimmed === '.' || $trimmed === '..') {
+			throw new InvalidPathException('Dot files are not allowed');
+		}
+
+		// verify database - e.g. mysql only 3-byte chars
+		if (preg_match('%^(?:
+      \xF0[\x90-\xBF][\x80-\xBF]{2}      # planes 1-3
+    | [\xF1-\xF3][\x80-\xBF]{3}          # planes 4-15
+    | \xF4[\x80-\x8F][\x80-\xBF]{2}      # plane 16
+)*$%xs', $fileName)) {
+			throw new InvalidPathException('4-byte characters are not supported in file names');
+		}
+
+		/** @type \OCP\Files\Storage $storage */
+		list($storage, $internalPath) = $this->resolvePath($path);
+		$storage->verifyPath($internalPath, $fileName);
+	}
 }

lib/public/files/storage.php

@@ -28,6 +28,7 @@
 // use OCP namespace for all classes that are considered public.
 // This means that they should be used by apps instead of the internal ownCloud classes
 namespace OCP\Files;
+use OCP\Files\InvalidPathException;
 
 /**
  * Provide a common interface to all different storage options
@@ -345,4 +346,12 @@ interface Storage {
 	 * @return array|false
 	 */
 	public function getDirectDownload($path);
+
+	/**
+	 * @param string $path the path of the target folder
+	 * @param string $fileName the name of the file itself
+	 * @return void
+	 * @throws InvalidPathException
+	 */
+	public function verifyPath($path, $fileName);
 }

tests/lib/connector/sabre/exception/invalidpathtest.php

@@ -0,0 +1,41 @@
+<?php
+
+/**
+ * Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+class Test_OC_Connector_Sabre_Exception_InvalidPath extends \Test\TestCase {
+
+	public function testSerialization() {
+
+		// create xml doc
+		$DOM = new \DOMDocument('1.0','utf-8');
+		$DOM->formatOutput = true;
+		$error = $DOM->createElementNS('DAV:','d:error');
+		$error->setAttribute('xmlns:s', Sabre\DAV\Server::NS_SABREDAV);
+		$DOM->appendChild($error);
+
+		// serialize the exception
+		$message = "1234567890";
+		$retry = false;
+		$expectedXml = <<<EOD
+<?xml version="1.0" encoding="utf-8"?>
+<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:o="http://owncloud.org/ns">
+  <o:retry xmlns:o="o:">false</o:retry>
+  <o:reason xmlns:o="o:">1234567890</o:reason>
+</d:error>
+
+EOD;
+
+
+		$ex = new OC_Connector_Sabre_Exception_InvalidPath($message, $retry);
+		$server = $this->getMock('Sabre\DAV\Server');
+		$ex->serialize($server, $error);
+
+		// assert
+		$xml = $DOM->saveXML();
+		$this->assertEquals($expectedXml, $xml);
+	}
+}

tests/lib/files/pathverificationtest.php

@@ -0,0 +1,226 @@
+<?php
+/**
+ * Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file. */
+
+namespace Test\Files;
+
+use OC\Files\Storage\Local;
+use OC\Files\View;
+
+class PathVerification extends \Test\TestCase {
+
+	/**
+	 * @var \OC\Files\View
+	 */
+	private $view;
+
+	protected function setUp() {
+		parent::setUp();
+		$this->view = new View();
+	}
+
+	/**
+	 * @dataProvider providesEmptyFiles
+	 * @expectedException \OCP\Files\InvalidPathException
+	 * @expectedExceptionMessage Empty filename is not allowed
+	 */
+	public function testPathVerificationEmptyFileName($fileName) {
+		$this->view->verifyPath('', $fileName);
+	}
+
+	public function providesEmptyFiles() {
+		return [
+			[''],
+			[' '],
+		];
+	}
+
+	/**
+	 * @dataProvider providesDotFiles
+	 * @expectedException \OCP\Files\InvalidPathException
+	 * @expectedExceptionMessage Dot files are not allowed
+	 */
+	public function testPathVerificationDotFiles($fileName) {
+		$this->view->verifyPath('', $fileName);
+	}
+
+	public function providesDotFiles() {
+		return [
+			['.'],
+			['..'],
+			[' .'],
+			[' ..'],
+			['. '],
+			['.. '],
+			[' . '],
+			[' .. '],
+		];
+	}
+
+	/**
+	 * @dataProvider providesAstralPlane
+	 * @expectedException \OCP\Files\InvalidPathException
+	 * @expectedExceptionMessage 4-byte characters are not supported in file names
+	 */
+	public function testPathVerificationAstralPlane($fileName) {
+		$this->view->verifyPath('', $fileName);
+	}
+
+	public function providesAstralPlane() {
+		return [
+			// this is the monkey emoji - http://en.wikipedia.org/w/index.php?title=%F0%9F%90%B5&redirect=no
+			['🐵'],
+		];
+	}
+
+	/**
+	 * @dataProvider providesInvalidCharsWindows
+	 * @expectedException \OCP\Files\InvalidPathException
+	 * @expectedExceptionMessage File name contains at least one invalid characters
+	 */
+	public function testPathVerificationInvalidCharsWindows($fileName) {
+		$storage = new Local(['datadir' => '']);
+
+		$fileName = " 123{$fileName}456 ";
+		\Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]);
+	}
+
+	public function providesInvalidCharsWindows() {
+		return [
+			[\chr(0)],
+			[\chr(1)],
+			[\chr(2)],
+			[\chr(3)],
+			[\chr(4)],
+			[\chr(5)],
+			[\chr(6)],
+			[\chr(7)],
+			[\chr(8)],
+			[\chr(9)],
+			[\chr(10)],
+			[\chr(11)],
+			[\chr(12)],
+			[\chr(13)],
+			[\chr(14)],
+			[\chr(15)],
+			[\chr(16)],
+			[\chr(17)],
+			[\chr(18)],
+			[\chr(19)],
+			[\chr(20)],
+			[\chr(21)],
+			[\chr(22)],
+			[\chr(23)],
+			[\chr(24)],
+			[\chr(25)],
+			[\chr(26)],
+			[\chr(27)],
+			[\chr(28)],
+			[\chr(29)],
+			[\chr(30)],
+			[\chr(31)],
+			['<'],
+			['>'],
+			[':'],
+			['"'],
+			['/'],
+			['\\'],
+			['|'],
+			['?'],
+			['*'],
+		];
+	}
+
+	/**
+	 * @dataProvider providesInvalidCharsPosix
+	 * @expectedException \OCP\Files\InvalidPathException
+	 * @expectedExceptionMessage File name contains at least one invalid characters
+	 */
+	public function testPathVerificationInvalidCharsPosix($fileName) {
+		$storage = new Local(['datadir' => '']);
+
+		$fileName = " 123{$fileName}456 ";
+		\Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]);
+	}
+
+	public function providesInvalidCharsPosix() {
+		return [
+			[\chr(0)],
+			[\chr(1)],
+			[\chr(2)],
+			[\chr(3)],
+			[\chr(4)],
+			[\chr(5)],
+			[\chr(6)],
+			[\chr(7)],
+			[\chr(8)],
+			[\chr(9)],
+			[\chr(10)],
+			[\chr(11)],
+			[\chr(12)],
+			[\chr(13)],
+			[\chr(14)],
+			[\chr(15)],
+			[\chr(16)],
+			[\chr(17)],
+			[\chr(18)],
+			[\chr(19)],
+			[\chr(20)],
+			[\chr(21)],
+			[\chr(22)],
+			[\chr(23)],
+			[\chr(24)],
+			[\chr(25)],
+			[\chr(26)],
+			[\chr(27)],
+			[\chr(28)],
+			[\chr(29)],
+			[\chr(30)],
+			[\chr(31)],
+			['/'],
+			['\\'],
+		];
+	}
+
+	/**
+	 * @dataProvider providesReservedNamesWindows
+	 * @expectedException \OCP\Files\InvalidPathException
+	 * @expectedExceptionMessage File name is a reserved word
+	 */
+	public function testPathVerificationReservedNamesWindows($fileName) {
+		$storage = new Local(['datadir' => '']);
+
+		\Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]);
+	}
+
+	public function providesReservedNamesWindows() {
+		return [
+			[' CON '],
+			['prn '],
+			['AUX'],
+			['NUL'],
+			['COM1'],
+			['COM2'],
+			['COM3'],
+			['COM4'],
+			['COM5'],
+			['COM6'],
+			['COM7'],
+			['COM8'],
+			['COM9'],
+			['LPT1'],
+			['LPT2'],
+			['LPT3'],
+			['LPT4'],
+			['LPT5'],
+			['LPT6'],
+			['LPT7'],
+			['LPT8'],
+			['LPT9']
+		];
+	}
+
+}