Normalize before processing
This commit is contained in:
parent
80e38b84dc
commit
4d91fa4c93
|
@ -543,9 +543,11 @@ class Filesystem {
|
|||
* @return bool
|
||||
*/
|
||||
static public function isFileBlacklisted($filename) {
|
||||
$filename = self::normalizePath($filename);
|
||||
|
||||
$blacklist = \OC_Config::getValue('blacklisted_files', array('.htaccess'));
|
||||
$filename = strtolower(basename($filename));
|
||||
return (in_array($filename, $blacklist));
|
||||
return in_array($filename, $blacklist);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -734,6 +736,9 @@ class Filesystem {
|
|||
return '/';
|
||||
}
|
||||
|
||||
//normalize unicode if possible
|
||||
$path = \OC_Util::normalizeUnicode($path);
|
||||
|
||||
//no windows style slashes
|
||||
$path = str_replace('\\', '/', $path);
|
||||
|
||||
|
@ -770,9 +775,6 @@ class Filesystem {
|
|||
$path = substr($path, 0, -2);
|
||||
}
|
||||
|
||||
//normalize unicode if possible
|
||||
$path = \OC_Util::normalizeUnicode($path);
|
||||
|
||||
$normalizedPath = $windows_drive_letter . $path;
|
||||
self::$normalizedPathCache[$cacheKey] = $normalizedPath;
|
||||
|
||||
|
|
|
@ -115,6 +115,8 @@ class Mapper
|
|||
|
||||
/**
|
||||
* @param string $logicPath
|
||||
* @return null
|
||||
* @throws \OC\DatabaseException
|
||||
*/
|
||||
private function resolveLogicPath($logicPath) {
|
||||
$logicPath = $this->resolveRelativePath($logicPath);
|
||||
|
@ -162,7 +164,8 @@ class Mapper
|
|||
|
||||
/**
|
||||
* @param string $logicPath
|
||||
* @param boolean $store
|
||||
* @param bool $store
|
||||
* @return string
|
||||
*/
|
||||
private function create($logicPath, $store) {
|
||||
$logicPath = $this->resolveRelativePath($logicPath);
|
||||
|
@ -191,7 +194,9 @@ class Mapper
|
|||
}
|
||||
|
||||
/**
|
||||
* @param integer $index
|
||||
* @param string $path
|
||||
* @param int $index
|
||||
* @return string
|
||||
*/
|
||||
public function slugifyPath($path, $index = null) {
|
||||
$path = $this->stripRootFolder($path, $this->unchangedPhysicalRoot);
|
||||
|
@ -205,7 +210,7 @@ class Mapper
|
|||
continue;
|
||||
}
|
||||
|
||||
$sluggedElements[] = self::slugify($pathElement);
|
||||
$sluggedElements[] = $this->slugify($pathElement);
|
||||
}
|
||||
|
||||
// apply index to file name
|
||||
|
@ -253,13 +258,18 @@ class Mapper
|
|||
// trim ending dots (for security reasons and win compatibility)
|
||||
$text = preg_replace('~\.+$~', '', $text);
|
||||
|
||||
if (empty($text)) {
|
||||
if (empty($text) || \OC\Files\Filesystem::isFileBlacklisted($text)) {
|
||||
/**
|
||||
* Item slug would be empty. Previously we used uniqid() here.
|
||||
* However this means that the behaviour is not reproducible, so
|
||||
* when uploading files into a "empty" folder, the folders name is
|
||||
* different.
|
||||
*
|
||||
* The other case is, that the slugified name would be a blacklisted
|
||||
* filename. In this case we just use the same workaround by
|
||||
* returning the secure md5 hash of the original name.
|
||||
*
|
||||
*
|
||||
* If there would be a md5() hash collision, the deduplicate check
|
||||
* will spot this and append an index later, so this should not be
|
||||
* a problem.
|
||||
|
|
|
@ -187,6 +187,28 @@ class Filesystem extends \Test\TestCase {
|
|||
$this->assertSame($expected, \OC\Files\Filesystem::isValidPath($path));
|
||||
}
|
||||
|
||||
public function isFileBlacklistedData() {
|
||||
return array(
|
||||
array('/etc/foo/bar/foo.txt', false),
|
||||
array('\etc\foo/bar\foo.txt', false),
|
||||
array('.htaccess', true),
|
||||
array('.htaccess/', true),
|
||||
array('.htaccess\\', true),
|
||||
array('/etc/foo\bar/.htaccess\\', true),
|
||||
array('/etc/foo\bar/.htaccess/', true),
|
||||
array('/etc/foo\bar/.htaccess/foo', false),
|
||||
array('//foo//bar/\.htaccess/', true),
|
||||
array('\foo\bar\.HTAccess', true),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider isFileBlacklistedData
|
||||
*/
|
||||
public function testIsFileBlacklisted($path, $expected) {
|
||||
$this->assertSame($expected, \OC\Files\Filesystem::isFileBlacklisted($path));
|
||||
}
|
||||
|
||||
public function normalizePathWindowsAbsolutePathData() {
|
||||
return array(
|
||||
array('C:/', 'C:\\'),
|
||||
|
|
|
@ -68,6 +68,15 @@ class Mapper extends \Test\TestCase {
|
|||
*/
|
||||
array('D:/' . md5('ありがとう'), 'D:/ありがとう'),
|
||||
array('D:/' . md5('ありがとう') . '/issue6722.txt', 'D:/ありがとう/issue6722.txt'),
|
||||
array('D:/' . md5('.htaccess'), 'D:/.htaccess'),
|
||||
array('D:/' . md5('.htaccess.'), 'D:/.htaccess.'),
|
||||
array('D:/' . md5('.htAccess'), 'D:/.htAccess'),
|
||||
array('D:/' . md5('.htAccess\\…\\') . '/a', 'D:/.htAccess\…\/とa'),
|
||||
array('D:/' . md5('.htaccess-'), 'D:/.htaccess-'),
|
||||
array('D:/' . md5('.htaあccess'), 'D:/.htaあccess'),
|
||||
array('D:/' . md5(' .htaccess'), 'D:/ .htaccess'),
|
||||
array('D:/' . md5('.htaccess '), 'D:/.htaccess '),
|
||||
array('D:/' . md5(' .htaccess '), 'D:/ .htaccess '),
|
||||
);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue