Merge 2439b7ca12 into 773e28d8e4

lib/private/Files/Storage/Local.php

@@ -162,7 +162,14 @@ class Local extends \OC\Files\Storage\Common {
 	 * @inheritdoc
 	 */
 	public function getMetaData($path) {
-		$stat = $this->stat($path);
+		$stat = null;
+
+		try {
+			$stat = $this->stat($path);
+		} catch (ForbiddenException $e) {
+			$stat = false;
+		}
+
 		if (!$stat) {
 			return null;
 		}
@@ -456,7 +463,9 @@ class Local extends \OC\Files\Storage\Common {
 		}
 		$pathToResolve = $fullPath;
 		$realPath = realpath($pathToResolve);
+		$fileExists = true;
 		while ($realPath === false) { // for non existing files check the parent directory
+			$fileExists = false;
 			$currentPath = dirname($currentPath);
 			if ($currentPath === '' || $currentPath === '.') {
 				return $fullPath;
@@ -466,11 +475,14 @@ class Local extends \OC\Files\Storage\Common {
 		if ($realPath) {
 			$realPath = $realPath . '/';
 		}
-		if (substr($realPath, 0, $this->dataDirLength) === $this->realDataDir) {
+		if ($fileExists && rtrim($fullPath, '/.') === $fullPath && substr($fullPath, 0, strlen($realPath)) === $realPath) {
+			\OCP\Util::writeLog('core', "Cyclic symlinks are not allowed ('$fullPath' -> '$realPath')", ILogger::ERROR);
+		} elseif (substr($realPath, 0, $this->dataDirLength) === $this->realDataDir) {
 			return $fullPath;
+		} else {
+			\OCP\Util::writeLog('core', "Following symlinks is not allowed ('$fullPath' -> '$realPath' not inside '{$this->realDataDir}')", ILogger::ERROR);
 		}
 
-		\OCP\Util::writeLog('core', "Following symlinks is not allowed ('$fullPath' -> '$realPath' not inside '{$this->realDataDir}')", ILogger::ERROR);
 		throw new ForbiddenException('Following symlinks is not allowed', false);
 	}