mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

show better error messages when a file with a forbidden path is encountered 

Signed-off-by: Robin Appelman <robin@icewind.nl>
This commit is contained in:
Robin Appelman 2020-06-19 14:57:58 +02:00 committed by backportbot[bot]
parent f6cbda9e60
commit 82a2492c33
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/private/Files/Storage/Local.php
View File

@ -286,16 +286,14 @@ class Local extends \OC\Files\Storage\Common {
} }
} }
private function treeContainsBlacklistedFile(string $path): bool { private function checkTreeForForbiddenItems(string $path) {
$iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($path)); $iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($path));
foreach ($iterator as $file) { foreach ($iterator as $file) {
/** @var \SplFileInfo $file */ /** @var \SplFileInfo $file */
if (Filesystem::isFileBlacklisted($file->getBasename())) { if (Filesystem::isFileBlacklisted($file->getBasename())) {
return true; throw new ForbiddenException('Invalid path: ' . $file->getPathname(), false);
} }
} }
return false;
} }
public function rename($path1, $path2) { public function rename($path1, $path2) {
@ -335,9 +333,7 @@ class Local extends \OC\Files\Storage\Common {
return $result; return $result;
} }
if ($this->treeContainsBlacklistedFile($this->getSourcePath($path1))) { $this->checkTreeForForbiddenItems($this->getSourcePath($path1));
throw new ForbiddenException('Invalid path', false);
}
} }
return rename($this->getSourcePath($path1), $this->getSourcePath($path2)); return rename($this->getSourcePath($path1), $this->getSourcePath($path2));
@ -435,7 +431,7 @@ class Local extends \OC\Files\Storage\Common {
*/ */
public function getSourcePath($path) { public function getSourcePath($path) {
if (Filesystem::isFileBlacklisted($path)) { if (Filesystem::isFileBlacklisted($path)) {
throw new ForbiddenException('Invalid path', false); throw new ForbiddenException('Invalid path: ' . $path, false);
} }
$fullPath = $this->datadir . $path; $fullPath = $this->datadir . $path;