mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #14346 from owncloud/storage-based-path-validation 

adding storage specific filename verification
This commit is contained in:
Lukas Reschke 2015-03-10 11:02:47 +01:00
parent 214fa44400 3623f14e73
commit 6dc59019af
26 changed files with 678 additions and 156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
apps/files/ajax/newfile.php
View File

@ -10,7 +10,7 @@ global $eventSource;
// Get the params
$dir = isset( $_REQUEST['dir'] ) ? '/'.trim((string)$_REQUEST['dir'], '/\\') : '';
$filename = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
$fileName = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
$l10n = \OC::$server->getL10N('files');
@ -18,23 +18,14 @@ $result = array(
'success' => false,
'data' => NULL
);
$trimmedFileName = trim($filename);
if($trimmedFileName === '') {
$result['data'] = array('message' => (string)$l10n->t('File name cannot be empty.'));
try {
\OC\Files\Filesystem::getView()->verifyPath($dir, $fileName);
} catch (\OCP\Files\InvalidPathException $ex) {
$result['data'] = [
'message' => $ex->getMessage()];
OCP\JSON::error($result);
exit();
}
if($trimmedFileName === '.' || $trimmedFileName === '..') {
$result['data'] = array('message' => (string)$l10n->t('"%s" is an invalid file name.', $trimmedFileName));
OCP\JSON::error($result);
exit();
}
if(!OCP\Util::isValidFileName($filename)) {
$result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
OCP\JSON::error($result);
exit();
return;
}
if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
@ -46,12 +37,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
exit();
}
$target = $dir.'/'.$filename;
$target = $dir.'/'.$fileName;
if (\OC\Files\Filesystem::file_exists($target)) {
$result['data'] = array('message' => (string)$l10n->t(
'The name %s is already used in the folder %s. Please choose a different name.',
array($filename, $dir))
array($fileName, $dir))
);
OCP\JSON::error($result);
exit();

25
apps/files/ajax/newfolder.php
View File

@ -9,7 +9,7 @@ OCP\JSON::callCheck();
// Get the params
$dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
$foldername = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
$folderName = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
$l10n = \OC::$server->getL10N('files');
@ -18,16 +18,13 @@ $result = array(
'data' => NULL
);
if(trim($foldername) === '') {
$result['data'] = array('message' => $l10n->t('Folder name cannot be empty.'));
try {
\OC\Files\Filesystem::getView()->verifyPath($dir, $folderName);
} catch (\OCP\Files\InvalidPathException $ex) {
$result['data'] = [
'message' => $ex->getMessage()];
OCP\JSON::error($result);
exit();
}
if(!OCP\Util::isValidFileName($foldername)) {
$result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
OCP\JSON::error($result);
exit();
return;
}
if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
@ -39,12 +36,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
exit();
}
$target = $dir . '/' . $foldername;
$target = $dir . '/' . $folderName;
if (\OC\Files\Filesystem::file_exists($target)) {
$result['data'] = array('message' => $l10n->t(
'The name %s is already used in the folder %s. Please choose a different name.',
array($foldername, $dir))
array($folderName, $dir))
);
OCP\JSON::error($result);
exit();
@ -52,9 +49,9 @@ if (\OC\Files\Filesystem::file_exists($target)) {
if(\OC\Files\Filesystem::mkdir($target)) {
if ( $dir !== '/') {
$path = $dir.'/'.$foldername;
$path = $dir.'/'.$folderName;
} else {
$path = '/'.$foldername;
$path = '/'.$folderName;
}
$meta = \OC\Files\Filesystem::getFileInfo($path);
$meta['type'] = 'dir'; // missing ?!

8
apps/files/js/files.js
View File

@ -102,14 +102,6 @@
} else if (trimmedName.length === 0) {
throw t('files', 'File name cannot be empty.');
}
// check for invalid characters
var invalidCharacters =
['\\', '/', '<', '>', ':', '"', '|', '?', '*', '\n'];
for (var i = 0; i < invalidCharacters.length; i++) {
if (trimmedName.indexOf(invalidCharacters[i]) !== -1) {
throw t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.");
}
}
return true;
},
displayStorageWarnings: function() {

13
apps/files/tests/js/fileUploadSpec.js
View File

@ -110,18 +110,5 @@ describe('OC.Upload tests', function() {
'Not enough free space, you are uploading 5 kB but only 1000 B is left'
);
});
it('does not add file if it has invalid characters', function() {
var result;
testFile.name = 'stars*stars.txt';
result = addFile(testFile);
expect(result).toEqual(false);
expect(failStub.calledOnce).toEqual(true);
expect(failStub.getCall(0).args[1].textStatus).toEqual('invalidcharacters');
expect(failStub.getCall(0).args[1].errorThrown.substr(0, 12)).toEqual(
'Invalid name'
);
});
});
});

10
apps/files/tests/js/filesSpec.js
View File

@ -55,16 +55,6 @@ describe('OCA.Files.Files tests', function() {
' ',
'.',
'..',
'back\\slash',
'sl/ash',
'lt<lt',
'gt>gt',
'col:on',
'double"quote',
'pi|pe',
'dont?ask?questions?',
'super*star',
'new\nline',
' ..',
'.. ',
'. ',

63
lib/private/connector/sabre/exception/invalidpath.php Normal file
View File

@ -0,0 +1,63 @@
<?php
/**
* Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file. */
namespace OC\Connector\Sabre\Exception;
use Sabre\DAV\Exception;
class InvalidPath extends Exception {
const NS_OWNCLOUD = 'http://owncloud.org/ns';
/**
* @var bool
*/
private $retry;
/**
* @param string $message
* @param bool $retry
*/
public function __construct($message, $retry = false) {
parent::__construct($message);
$this->retry = $retry;
}
/**
* Returns the HTTP status code for this exception
*
* @return int
*/
public function getHTTPCode() {
return 400;
}
/**
* This method allows the exception to include additional information
* into the WebDAV error response
*
* @param \Sabre\DAV\Server $server
* @param \DOMElement $errorNode
* @return void
*/
public function serialize(\Sabre\DAV\Server $server,\DOMElement $errorNode) {
// set ownCloud namespace
$errorNode->setAttribute('xmlns:o', self::NS_OWNCLOUD);
// adding the retry node
$error = $errorNode->ownerDocument->createElementNS('o:','o:retry', var_export($this->retry, true));
$errorNode->appendChild($error);
// adding the message node
$error = $errorNode->ownerDocument->createElementNS('o:','o:reason', $this->getMessage());
$errorNode->appendChild($error);
}
}

10
lib/private/connector/sabre/file.php
View File

@ -66,17 +66,15 @@ class File extends \OC\Connector\Sabre\Node implements \Sabre\DAV\IFile {
throw new \Sabre\DAV\Exception\ServiceUnavailable("Encryption is disabled");
}
$fileName = basename($this->info->getPath());
if (!\OCP\Util::isValidFileName($fileName)) {
throw new \Sabre\DAV\Exception\BadRequest();
}
// verify path of the target
$this->verifyPath();
// chunked handling
if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
return $this->createFileChunked($data);
}
list($storage,) = $this->fileView->resolvePath($this->path);
list($storage) = $this->fileView->resolvePath($this->path);
$needsPartFile = $this->needsPartFile($storage) && (strlen($this->path) > 1);
if ($needsPartFile) {
@ -329,5 +327,5 @@ class File extends \OC\Connector\Sabre\Node implements \Sabre\DAV\IFile {
// and/or add method on Storage called "needsPartFile()"
return !$storage->instanceOfStorage('OCA\Files_Sharing\External\Storage') &&
!$storage->instanceOfStorage('OC\Files\Storage\OwnCloud');
}
}
}

52
lib/private/connector/sabre/node.php
View File

@ -1,28 +1,40 @@
<?php
/**
* ownCloud
* @author Arthur Schiwon <blizzz@owncloud.com>
* @author Bart Visscher <bartv@thisnet.nl>
* @author Björn Schießle <schiessle@owncloud.com>
* @author Jakob Sack <mail@jakobsack.de>
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
* @author Klaas Freitag <freitag@owncloud.com>
* @author Markus Goetz <markus@woboq.com>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Robin Appelman <icewind@owncloud.com>
* @author Sam Tuke <mail@samtuke.com>
* @author Thomas Müller <thomas.mueller@tmit.eu>
* @author Vincent Petry <pvince81@owncloud.com>
*
* @author Jakob Sack
* @copyright 2011 Jakob Sack kde@jakobsack.de
* @copyright Copyright (c) 2015, ownCloud, Inc.
* @license AGPL-3.0
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful,
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OC\Connector\Sabre;
use OC\Connector\Sabre\Exception\InvalidPath;
abstract class Node implements \Sabre\DAV\INode {
/**
* Allow configuring the method used to generate Etags
@ -103,9 +115,8 @@ abstract class Node implements \Sabre\DAV\INode {
list($parentPath,) = \Sabre\HTTP\URLUtil::splitPath($this->path);
list(, $newName) = \Sabre\HTTP\URLUtil::splitPath($name);
if (!\OCP\Util::isValidFileName($newName)) {
throw new \Sabre\DAV\Exception\BadRequest();
}
// verify path of the target
$this->verifyPath();
$newPath = $parentPath . '/' . $newName;
@ -230,4 +241,13 @@ abstract class Node implements \Sabre\DAV\INode {
}
return $p;
}
protected function verifyPath() {
try {
$fileName = basename($this->info->getPath());
$this->fileView->verifyPath($this->path, $fileName);
} catch (\OCP\Files\InvalidPathException $ex) {
throw new InvalidPath($ex->getMessage());
}
}
}

8
lib/private/connector/sabre/objecttree.php
View File

@ -8,9 +8,11 @@
namespace OC\Connector\Sabre;
use OC\Connector\Sabre\Exception\InvalidPath;
use OC\Files\FileInfo;
use OC\Files\Filesystem;
use OC\Files\Mount\MoveableMount;
use OC_Connector_Sabre_Exception_InvalidPath;
use OCP\Files\StorageInvalidException;
use OCP\Files\StorageNotAvailableException;
@ -185,8 +187,10 @@ class ObjectTree extends \Sabre\DAV\Tree {
}
$fileName = basename($destinationPath);
if (!\OCP\Util::isValidFileName($fileName)) {
throw new \Sabre\DAV\Exception\BadRequest();
try {
$this->fileView->verifyPath($destinationDir, $fileName);
} catch (\OCP\Files\InvalidPathException $ex) {
throw new InvalidPath($ex->getMessage());
}
$renameOkay = $this->fileView->rename($sourcePath, $destinationPath);

71
lib/private/files/storage/common.php
View File

@ -8,8 +8,14 @@
namespace OC\Files\Storage;
use OC\Files\Cache\Cache;
use OC\Files\Cache\Scanner;
use OC\Files\Cache\Storage;
use OC\Files\Filesystem;
use OC\Files\Cache\Watcher;
use OCP\Files\InvalidCharacterInPathException;
use OCP\Files\InvalidPathException;
use OCP\Files\ReservedWordException;
/**
* Storage backend class for providing common filesystem operation methods
@ -25,7 +31,6 @@ use OC\Files\Cache\Watcher;
abstract class Common implements \OC\Files\Storage\Storage {
protected $cache;
protected $scanner;
protected $permissioncache;
protected $watcher;
protected $storageCache;
@ -303,7 +308,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
$storage = $this;
}
if (!isset($this->cache)) {
$this->cache = new \OC\Files\Cache\Cache($storage);
$this->cache = new Cache($storage);
}
return $this->cache;
}
@ -313,7 +318,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
$storage = $this;
}
if (!isset($this->scanner)) {
$this->scanner = new \OC\Files\Cache\Scanner($storage);
$this->scanner = new Scanner($storage);
}
return $this->scanner;
}
@ -323,7 +328,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
$storage = $this;
}
if (!isset($this->watcher)) {
$this->watcher = new \OC\Files\Cache\Watcher($storage);
$this->watcher = new Watcher($storage);
$this->watcher->setPolicy(\OC::$server->getConfig()->getSystemValue('filesystem_check_changes', Watcher::CHECK_ONCE));
}
return $this->watcher;
@ -334,7 +339,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
$storage = $this;
}
if (!isset($this->storageCache)) {
$this->storageCache = new \OC\Files\Cache\Storage($storage);
$this->storageCache = new Storage($storage);
}
return $this->storageCache;
}
@ -451,4 +456,60 @@ abstract class Common implements \OC\Files\Storage\Storage {
return [];
}
/**
* @inheritdoc
*/
public function verifyPath($path, $fileName) {
// NOTE: $path will remain unverified for now
if (\OC_Util::runningOnWindows()) {
$this->verifyWindowsPath($fileName);
} else {
$this->verifyPosixPath($fileName);
}
}
/**
* https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx
* @param string $fileName
* @throws InvalidPathException
*/
protected function verifyWindowsPath($fileName) {
$fileName = trim($fileName);
$this->scanForInvalidCharacters($fileName, "\\/<>:\"|?*");
$reservedNames = ['CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9'];
if (in_array(strtoupper($fileName), $reservedNames)) {
throw new ReservedWordException();
}
}
/**
* @param string $fileName
* @throws InvalidPathException
*/
protected function verifyPosixPath($fileName) {
$fileName = trim($fileName);
$this->scanForInvalidCharacters($fileName, "\\/");
$reservedNames = ['*'];
if (in_array($fileName, $reservedNames)) {
throw new ReservedWordException();
}
}
/**
* @param string $fileName
* @param string $invalidChars
* @throws InvalidPathException
*/
private function scanForInvalidCharacters($fileName, $invalidChars) {
foreach(str_split($invalidChars) as $char) {
if (strpos($fileName, $char) !== false) {
throw new InvalidCharacterInPathException();
}
}
$sanitizedFileName = filter_var($fileName, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
if($sanitizedFileName !== $fileName) {
throw new InvalidCharacterInPathException();
}
}
}

12
lib/private/files/storage/wrapper/wrapper.php
View File

@ -8,6 +8,8 @@
namespace OC\Files\Storage\Wrapper;
use OCP\Files\InvalidPathException;
class Wrapper implements \OC\Files\Storage\Storage {
/**
* @var \OC\Files\Storage\Storage $storage
@ -477,4 +479,14 @@ class Wrapper implements \OC\Files\Storage\Storage {
public function getDirectDownload($path) {
return $this->storage->getDirectDownload($path);
}
/**
* @param string $path the path of the target folder
* @param string $fileName the name of the file itself
* @return void
* @throws InvalidPathException
*/
public function verifyPath($path, $fileName) {
$this->storage->verifyPath($path, $fileName);
}
}

52
lib/private/files/view.php
View File

@ -11,6 +11,9 @@ namespace OC\Files;
use OC\Files\Cache\Updater;
use OC\Files\Mount\MoveableMount;
use OCP\Files\InvalidCharacterInPathException;
use OCP\Files\InvalidPathException;
use OCP\Files\ReservedWordException;
/**
* Class to provide access to ownCloud filesystem via a "view", and methods for
@ -29,11 +32,10 @@ use OC\Files\Mount\MoveableMount;
* \OC\Files\Storage\Storage object
*/
class View {
/** @var string */
private $fakeRoot = '';
/**
* @var \OC\Files\Cache\Updater
*/
/** @var \OC\Files\Cache\Updater */
protected $updater;
/**
@ -116,7 +118,7 @@ class View {
* get the mountpoint of the storage object for a path
* ( note: because a storage is not always mounted inside the fakeroot, the
* returned mountpoint is relative to the absolute root of the filesystem
* and doesn't take the chroot into account )
* and does not take the chroot into account )
*
* @param string $path
* @return string
@ -129,7 +131,7 @@ class View {
* get the mountpoint of the storage object for a path
* ( note: because a storage is not always mounted inside the fakeroot, the
* returned mountpoint is relative to the absolute root of the filesystem
* and doesn't take the chroot into account )
* and does not take the chroot into account )
*
* @param string $path
* @return \OCP\Files\Mount\IMountPoint
@ -1532,7 +1534,45 @@ class View {
/**
* @return Updater
*/
public function getUpdater(){
public function getUpdater() {
return $this->updater;
}
/**
* @param string $path
* @param string $fileName
* @throws InvalidPathException
*/
public function verifyPath($path, $fileName) {
$l10n = \OC::$server->getL10N('lib');
// verify empty and dot files
$trimmed = trim($fileName);
if ($trimmed === '') {
throw new InvalidPathException($l10n->t('Empty filename is not allowed'));
}
if ($trimmed === '.' || $trimmed === '..') {
throw new InvalidPathException($l10n->t('Dot files are not allowed'));
}
// verify database - e.g. mysql only 3-byte chars
if (preg_match('%^(?:
\xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3
| [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15
| \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16
)*$%xs', $fileName)) {
throw new InvalidPathException($l10n->t('4-byte characters are not supported in file names'));
}
try {
/** @type \OCP\Files\Storage $storage */
list($storage, $internalPath) = $this->resolvePath($path);
$storage->verifyPath($internalPath, $fileName);
} catch (ReservedWordException $ex) {
throw new InvalidPathException($l10n->t('File name is a reserved word'));
} catch (InvalidCharacterInPathException $ex) {
throw new InvalidPathException($l10n->t('File name contains at least one invalid characters'));
}
}
}

78
lib/private/l10n.php
View File

@ -79,6 +79,48 @@ class OC_L10N implements \OCP\IL10N {
$this->lang = $lang;
}
/**
* @param $app
* @return string
*/
public static function setLanguageFromRequest($app = null) {
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
if (is_array($app)) {
$available = $app;
} else {
$available = self::findAvailableLanguages($app);
}
// E.g. make sure that 'de' is before 'de_DE'.
sort($available);
$preferences = preg_split('/,\s*/', strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE']));
foreach ($preferences as $preference) {
list($preferred_language) = explode(';', $preference);
$preferred_language = str_replace('-', '_', $preferred_language);
foreach ($available as $available_language) {
if ($preferred_language === strtolower($available_language)) {
if (is_null($app)) {
self::$language = $available_language;
}
return $available_language;
}
}
foreach ($available as $available_language) {
if (substr($preferred_language, 0, 2) === $available_language) {
if (is_null($app)) {
self::$language = $available_language;
}
return $available_language;
}
}
}
}
// Last try: English
return 'en';
}
/**
* @param $transFile
* @param bool $mergeTranslations
@ -403,41 +445,7 @@ class OC_L10N implements \OCP\IL10N {
return $default_language;
}
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
if(is_array($app)) {
$available = $app;
} else {
$available = self::findAvailableLanguages($app);
}
// E.g. make sure that 'de' is before 'de_DE'.
sort($available);
$preferences = preg_split('/,\s*/', strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE']));
foreach($preferences as $preference) {
list($preferred_language) = explode(';', $preference);
$preferred_language = str_replace('-', '_', $preferred_language);
foreach($available as $available_language) {
if ($preferred_language === strtolower($available_language)) {
if (is_null($app)) {
self::$language = $available_language;
}
return $available_language;
}
}
foreach($available as $available_language) {
if (substr($preferred_language, 0, 2) === $available_language) {
if (is_null($app)) {
self::$language = $available_language;
}
return $available_language;
}
}
}
}
// Last try: English
return 'en';
return self::setLanguageFromRequest($app);
}
/**

1
lib/private/util.php
View File

@ -1416,6 +1416,7 @@ class OC_Util {
*
* @param string $file file name to check
* @return bool true if the file name is valid, false otherwise
* @deprecated use \OC\Files\View::verifyPath()
*/
public static function isValidFileName($file) {
$trimmed = trim($file);

37
lib/public/files/invalidcharacterinpathexception.php Normal file
View File

@ -0,0 +1,37 @@
<?php
/**
* ownCloud
*
* @author Thomas Müller
* @copyright 2013 Thomas Müller deepdiver@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
/**
* Public interface of ownCloud for apps to use.
* Files/InvalidCharacterInPathException class
*/
// use OCP namespace for all classes that are considered public.
// This means that they should be used by apps instead of the internal ownCloud classes
namespace OCP\Files;
/**
* Exception for invalid path
*/
class InvalidCharacterInPathException extends InvalidPathException {
}

37
lib/public/files/reservedwordexception.php Normal file
View File

@ -0,0 +1,37 @@
<?php
/**
* ownCloud
*
* @author Thomas Müller
* @copyright 2013 Thomas Müller deepdiver@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
/**
* Public interface of ownCloud for apps to use.
* Files/ReservedWordException class
*/
// use OCP namespace for all classes that are considered public.
// This means that they should be used by apps instead of the internal ownCloud classes
namespace OCP\Files;
/**
* Exception for invalid path
*/
class ReservedWordException extends InvalidPathException {
}

9
lib/public/files/storage.php
View File

@ -28,6 +28,7 @@
// use OCP namespace for all classes that are considered public.
// This means that they should be used by apps instead of the internal ownCloud classes
namespace OCP\Files;
use OCP\Files\InvalidPathException;
/**
* Provide a common interface to all different storage options
@ -345,4 +346,12 @@ interface Storage {
* @return array|false
*/
public function getDirectDownload($path);
/**
* @param string $path the path of the target folder
* @param string $fileName the name of the file itself
* @return void
* @throws InvalidPathException
*/
public function verifyPath($path, $fileName);
}

1
lib/public/util.php
View File

@ -497,6 +497,7 @@ class Util {
* Returns whether the given file name is valid
* @param string $file file name to check
* @return bool true if the file name is valid, false otherwise
* @deprecated use \OC\Files\View::verifyPath()
*/
public static function isValidFileName($file) {
return \OC_Util::isValidFileName($file);

4
ocs/v1.php
View File

@ -39,8 +39,8 @@ try {
// load all apps to get all api routes properly setup
OC_App::loadApps();
// api calls always will return English
\OC_L10N::forceLanguage('en');
// force language as given in the http request
\OC_L10N::setLanguageFromRequest();
OC::$server->getRouter()->match('/ocs'.\OC::$server->getRequest()->getRawPathInfo());
} catch (ResourceNotFoundException $e) {

3
remote.php
View File

@ -29,6 +29,9 @@ try {
exit;
}
// force language as given in the http request
\OC_L10N::setLanguageFromRequest();
$file=ltrim($file, '/');
$parts=explode('/', $file, 2);

2
tests/lib/connector/sabre/directory.php
View File

@ -8,7 +8,9 @@
*/
class Test_OC_Connector_Sabre_Directory extends \Test\TestCase {
/** @var OC\Files\View | PHPUnit_Framework_MockObject_MockObject */
private $view;
/** @var OC\Files\FileInfo | PHPUnit_Framework_MockObject_MockObject */
private $info;
protected function setUp() {

44
tests/lib/connector/sabre/exception/invalidpathtest.php Normal file
View File

@ -0,0 +1,44 @@
<?php
namespace Test\Connector\Sabre\Exception;
use OC\Connector\Sabre\Exception\InvalidPath;
/**
* Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
class InvalidPathTest extends \Test\TestCase {
public function testSerialization() {
// create xml doc
$DOM = new \DOMDocument('1.0','utf-8');
$DOM->formatOutput = true;
$error = $DOM->createElementNS('DAV:','d:error');
$error->setAttribute('xmlns:s', \Sabre\DAV\Server::NS_SABREDAV);
$DOM->appendChild($error);
// serialize the exception
$message = "1234567890";
$retry = false;
$expectedXml = <<<EOD
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:o="http://owncloud.org/ns">
<o:retry xmlns:o="o:">false</o:retry>
<o:reason xmlns:o="o:">1234567890</o:reason>
</d:error>
EOD;
$ex = new InvalidPath($message, $retry);
$server = $this->getMock('Sabre\DAV\Server');
$ex->serialize($server, $error);
// assert
$xml = $DOM->saveXML();
$this->assertEquals($expectedXml, $xml);
}
}

19
tests/lib/connector/sabre/file.php
View File

@ -6,7 +6,12 @@
* See the COPYING-README file.
*/
class Test_OC_Connector_Sabre_File extends \Test\TestCase {
namespace Test\Connector\Sabre;
use OC_Connector_Sabre_File;
class File extends \Test\TestCase {
/**
* @expectedException \Sabre\DAV\Exception
@ -93,7 +98,7 @@ class Test_OC_Connector_Sabre_File extends \Test\TestCase {
}
/**
* @expectedException \Sabre\DAV\Exception\BadRequest
* @expectedException \OC\Connector\Sabre\Exception\InvalidPath
*/
public function testSimplePutInvalidChars() {
// setup
@ -104,9 +109,9 @@ class Test_OC_Connector_Sabre_File extends \Test\TestCase {
$view->expects($this->any())
->method('getRelativePath')
->will($this->returnValue('/super*star.txt'));
->will($this->returnValue('/*'));
$info = new \OC\Files\FileInfo('/super*star.txt', null, null, array(
$info = new \OC\Files\FileInfo('/*', null, null, array(
'permissions' => \OCP\Constants::PERMISSION_ALL
), null);
$file = new \OC\Connector\Sabre\File($view, $info);
@ -117,7 +122,7 @@ class Test_OC_Connector_Sabre_File extends \Test\TestCase {
/**
* Test setting name with setName() with invalid chars
* @expectedException \Sabre\DAV\Exception\BadRequest
* @expectedException \OC\Connector\Sabre\Exception\InvalidPath
*/
public function testSetNameInvalidChars() {
// setup
@ -125,9 +130,9 @@ class Test_OC_Connector_Sabre_File extends \Test\TestCase {
$view->expects($this->any())
->method('getRelativePath')
->will($this->returnValue('/super*star.txt'));
->will($this->returnValue('/*'));
$info = new \OC\Files\FileInfo('/super*star.txt', null, null, array(
$info = new \OC\Files\FileInfo('/*', null, null, array(
'permissions' => \OCP\Constants::PERMISSION_ALL
), null);
$file = new \OC\Connector\Sabre\File($view, $info);

3
tests/lib/connector/sabre/node.php
View File

@ -9,9 +9,6 @@
namespace Test\Connector\Sabre;
use OC\Files\FileInfo;
use OC\Files\View;
class Node extends \Test\TestCase {
public function davPermissionsProvider() {
return array(

22
tests/lib/connector/sabre/objecttree.php
View File

@ -47,29 +47,29 @@ class ObjectTree extends \Test\TestCase {
* @dataProvider moveFailedProvider
* @expectedException \Sabre\DAV\Exception\Forbidden
*/
public function testMoveFailed($source, $dest, $updatables, $deletables) {
$this->moveTest($source, $dest, $updatables, $deletables);
public function testMoveFailed($source, $destination, $updatables, $deletables) {
$this->moveTest($source, $destination, $updatables, $deletables);
}
/**
* @dataProvider moveSuccessProvider
*/
public function testMoveSuccess($source, $dest, $updatables, $deletables) {
$this->moveTest($source, $dest, $updatables, $deletables);
public function testMoveSuccess($source, $destination, $updatables, $deletables) {
$this->moveTest($source, $destination, $updatables, $deletables);
$this->assertTrue(true);
}
/**
* @dataProvider moveFailedInvalidCharsProvider
* @expectedException \Sabre\DAV\Exception\BadRequest
* @expectedException \OC\Connector\Sabre\Exception\InvalidPath
*/
public function testMoveFailedInvalidChars($source, $dest, $updatables, $deletables) {
$this->moveTest($source, $dest, $updatables, $deletables);
public function testMoveFailedInvalidChars($source, $destination, $updatables, $deletables) {
$this->moveTest($source, $destination, $updatables, $deletables);
}
function moveFailedInvalidCharsProvider() {
return array(
array('a/b', 'a/c*', array('a' => false, 'a/b' => true, 'a/c*' => false), array()),
array('a/b', 'a/*', array('a' => false, 'a/b' => true, 'a/c*' => false), array()),
);
}
@ -94,10 +94,10 @@ class ObjectTree extends \Test\TestCase {
/**
* @param $source
* @param $dest
* @param $destination
* @param $updatables
*/
private function moveTest($source, $dest, $updatables, $deletables) {
private function moveTest($source, $destination, $updatables, $deletables) {
$view = new TestDoubleFileView($updatables, $deletables);
$info = new FileInfo('', null, null, array(), null);
@ -115,7 +115,7 @@ class ObjectTree extends \Test\TestCase {
/** @var $objectTree \OC\Connector\Sabre\ObjectTree */
$mountManager = \OC\Files\Filesystem::getMountManager();
$objectTree->init($rootDir, $view, $mountManager);
$objectTree->move($source, $dest);
$objectTree->move($source, $destination);
}
/**

223
tests/lib/files/pathverificationtest.php Normal file
View File

@ -0,0 +1,223 @@
<?php
/**
* Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file. */
namespace Test\Files;
use OC\Files\Storage\Local;
use OC\Files\View;
class PathVerification extends \Test\TestCase {
/**
* @var \OC\Files\View
*/
private $view;
protected function setUp() {
parent::setUp();
$this->view = new View();
}
/**
* @dataProvider providesEmptyFiles
* @expectedException \OCP\Files\InvalidPathException
* @expectedExceptionMessage Empty filename is not allowed
*/
public function testPathVerificationEmptyFileName($fileName) {
$this->view->verifyPath('', $fileName);
}
public function providesEmptyFiles() {
return [
[''],
[' '],
];
}
/**
* @dataProvider providesDotFiles
* @expectedException \OCP\Files\InvalidPathException
* @expectedExceptionMessage Dot files are not allowed
*/
public function testPathVerificationDotFiles($fileName) {
$this->view->verifyPath('', $fileName);
}
public function providesDotFiles() {
return [
['.'],
['..'],
[' .'],
[' ..'],
['. '],
['.. '],
[' . '],
[' .. '],
];
}
/**
* @dataProvider providesAstralPlane
* @expectedException \OCP\Files\InvalidPathException
* @expectedExceptionMessage 4-byte characters are not supported in file names
*/
public function testPathVerificationAstralPlane($fileName) {
$this->view->verifyPath('', $fileName);
}
public function providesAstralPlane() {
return [
// this is the monkey emoji - http://en.wikipedia.org/w/index.php?title=%F0%9F%90%B5&redirect=no
['🐵'],
];
}
/**
* @dataProvider providesInvalidCharsWindows
* @expectedException \OCP\Files\InvalidCharacterInPathException
*/
public function testPathVerificationInvalidCharsWindows($fileName) {
$storage = new Local(['datadir' => '']);
$fileName = " 123{$fileName}456 ";
\Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]);
}
public function providesInvalidCharsWindows() {
return [
[\chr(0)],
[\chr(1)],
[\chr(2)],
[\chr(3)],
[\chr(4)],
[\chr(5)],
[\chr(6)],
[\chr(7)],
[\chr(8)],
[\chr(9)],
[\chr(10)],
[\chr(11)],
[\chr(12)],
[\chr(13)],
[\chr(14)],
[\chr(15)],
[\chr(16)],
[\chr(17)],
[\chr(18)],
[\chr(19)],
[\chr(20)],
[\chr(21)],
[\chr(22)],
[\chr(23)],
[\chr(24)],
[\chr(25)],
[\chr(26)],
[\chr(27)],
[\chr(28)],
[\chr(29)],
[\chr(30)],
[\chr(31)],
['<'],
['>'],
[':'],
['"'],
['/'],
['\\'],
['|'],
['?'],
['*'],
];
}
/**
* @dataProvider providesInvalidCharsPosix
* @expectedException \OCP\Files\InvalidCharacterInPathException
*/
public function testPathVerificationInvalidCharsPosix($fileName) {
$storage = new Local(['datadir' => '']);
$fileName = " 123{$fileName}456 ";
\Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]);
}
public function providesInvalidCharsPosix() {
return [
[\chr(0)],
[\chr(1)],
[\chr(2)],
[\chr(3)],
[\chr(4)],
[\chr(5)],
[\chr(6)],
[\chr(7)],
[\chr(8)],
[\chr(9)],
[\chr(10)],
[\chr(11)],
[\chr(12)],
[\chr(13)],
[\chr(14)],
[\chr(15)],
[\chr(16)],
[\chr(17)],
[\chr(18)],
[\chr(19)],
[\chr(20)],
[\chr(21)],
[\chr(22)],
[\chr(23)],
[\chr(24)],
[\chr(25)],
[\chr(26)],
[\chr(27)],
[\chr(28)],
[\chr(29)],
[\chr(30)],
[\chr(31)],
['/'],
['\\'],
];
}
/**
* @dataProvider providesReservedNamesWindows
* @expectedException \OCP\Files\ReservedWordException
*/
public function testPathVerificationReservedNamesWindows($fileName) {
$storage = new Local(['datadir' => '']);
\Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]);
}
public function providesReservedNamesWindows() {
return [
[' CON '],
['prn '],
['AUX'],
['NUL'],
['COM1'],
['COM2'],
['COM3'],
['COM4'],
['COM5'],
['COM6'],
['COM7'],
['COM8'],
['COM9'],
['LPT1'],
['LPT2'],
['LPT3'],
['LPT4'],
['LPT5'],
['LPT6'],
['LPT7'],
['LPT8'],
['LPT9']
];
}
}