diff --git a/lib/private/DirectEditing/Manager.php b/lib/private/DirectEditing/Manager.php index 0e7e988eef..1ea09e74d5 100644 --- a/lib/private/DirectEditing/Manager.php +++ b/lib/private/DirectEditing/Manager.php @@ -27,6 +27,7 @@ namespace OC\DirectEditing; use Doctrine\DBAL\FetchMode; +use OC\Files\Node\Folder; use OCP\AppFramework\Http\NotFoundResponse; use OCP\AppFramework\Http\Response; use OCP\AppFramework\Http\TemplateResponse; @@ -130,7 +131,12 @@ class Manager implements IManager { if ($userFolder->nodeExists($path)) { throw new \RuntimeException('File already exists'); } else { - $file = $userFolder->newFile($path); + if (!$userFolder->nodeExists(dirname($path))) { + throw new \RuntimeException('Invalid path'); + } + /** @var Folder $folder */ + $folder = $userFolder->get(dirname($path)); + $file = $folder->newFile(basename($path)); $editor = $this->getEditor($editorId); $creators = $editor->getCreators(); foreach ($creators as $creator) { diff --git a/lib/private/Files/Template/TemplateManager.php b/lib/private/Files/Template/TemplateManager.php index 44e1b10fa3..a81851b275 100644 --- a/lib/private/Files/Template/TemplateManager.php +++ b/lib/private/Files/Template/TemplateManager.php @@ -154,7 +154,11 @@ class TemplateManager implements ITemplateManager { } catch (NotFoundException $e) { } try { - $targetFile = $userFolder->newFile($filePath); + if (!$userFolder->nodeExists(dirname($filePath))) { + throw new GenericFileException($this->l10n->t('Invalid path')); + } + $folder = $userFolder->get(dirname($filePath)); + $targetFile = $folder->newFile(basename($filePath)); if ($templateType === 'user' && $templateId !== '') { $template = $userFolder->get($templateId); $template->copy($targetFile->getPath()); diff --git a/tests/lib/DirectEditing/ManagerTest.php b/tests/lib/DirectEditing/ManagerTest.php index 73bb4a836d..b00de02bcf 100644 --- a/tests/lib/DirectEditing/ManagerTest.php +++ b/tests/lib/DirectEditing/ManagerTest.php @@ -154,11 +154,16 @@ class ManagerTest extends TestCase { $this->random->expects($this->once()) ->method('generate') ->willReturn($expectedToken); + $folder = $this->createMock(Folder::class); $this->userFolder ->method('nodeExists') - ->with('/File.txt') - ->willReturn(false); - $this->userFolder->expects($this->once()) + ->withConsecutive(['/File.txt'], ['/']) + ->willReturnOnConsecutiveCalls(false, true); + $this->userFolder + ->method('get') + ->with('/') + ->willReturn($folder); + $folder->expects($this->once()) ->method('newFile') ->willReturn($file); $token = $this->manager->create('/File.txt', 'testeditor', 'createEmpty'); @@ -174,11 +179,16 @@ class ManagerTest extends TestCase { $this->random->expects($this->once()) ->method('generate') ->willReturn($expectedToken); + $folder = $this->createMock(Folder::class); $this->userFolder ->method('nodeExists') - ->with('/File.txt') - ->willReturn(false); - $this->userFolder->expects($this->once()) + ->withConsecutive(['/File.txt'], ['/']) + ->willReturnOnConsecutiveCalls(false, true); + $this->userFolder + ->method('get') + ->with('/') + ->willReturn($folder); + $folder->expects($this->once()) ->method('newFile') ->willReturn($file); $this->manager->create('/File.txt', 'testeditor', 'createEmpty');