From 82a2492c336faea00d6e822a7b0284ced7f41796 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Fri, 19 Jun 2020 14:57:58 +0200 Subject: [PATCH] show better error messages when a file with a forbidden path is encountered Signed-off-by: Robin Appelman --- lib/private/Files/Storage/Local.php | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php index f0a81f4893..26687f9608 100644 --- a/lib/private/Files/Storage/Local.php +++ b/lib/private/Files/Storage/Local.php @@ -286,16 +286,14 @@ class Local extends \OC\Files\Storage\Common { } } - private function treeContainsBlacklistedFile(string $path): bool { + private function checkTreeForForbiddenItems(string $path) { $iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($path)); foreach ($iterator as $file) { /** @var \SplFileInfo $file */ if (Filesystem::isFileBlacklisted($file->getBasename())) { - return true; + throw new ForbiddenException('Invalid path: ' . $file->getPathname(), false); } } - - return false; } public function rename($path1, $path2) { @@ -335,9 +333,7 @@ class Local extends \OC\Files\Storage\Common { return $result; } - if ($this->treeContainsBlacklistedFile($this->getSourcePath($path1))) { - throw new ForbiddenException('Invalid path', false); - } + $this->checkTreeForForbiddenItems($this->getSourcePath($path1)); } return rename($this->getSourcePath($path1), $this->getSourcePath($path2)); @@ -435,7 +431,7 @@ class Local extends \OC\Files\Storage\Common { */ public function getSourcePath($path) { if (Filesystem::isFileBlacklisted($path)) { - throw new ForbiddenException('Invalid path', false); + throw new ForbiddenException('Invalid path: ' . $path, false); } $fullPath = $this->datadir . $path;