Merge pull request #26290 from nextcloud/backport/21484/stable20

[stable20] show better error messages when a file with a forbidden path is encountered
Morris Jobke 2021-03-26 13:51:02 +01:00 committed by GitHub
commit a8c6ffaf9a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 8 deletions


@ -286,16 +286,14 @@ class Local extends \OC\Files\Storage\Common {
} }
} }
private function treeContainsBlacklistedFile(string $path): bool { private function checkTreeForForbiddenItems(string $path) {
$iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($path)); $iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($path));
foreach ($iterator as $file) { foreach ($iterator as $file) {
/** @var \SplFileInfo $file */ /** @var \SplFileInfo $file */
if (Filesystem::isFileBlacklisted($file->getBasename())) { if (Filesystem::isFileBlacklisted($file->getBasename())) {
return true; throw new ForbiddenException('Invalid path: ' . $file->getPathname(), false);
} }
} }
return false;
} }
public function rename($path1, $path2) { public function rename($path1, $path2) {
@ -335,9 +333,7 @@ class Local extends \OC\Files\Storage\Common {
return $result; return $result;
} }
if ($this->treeContainsBlacklistedFile($this->getSourcePath($path1))) { $this->checkTreeForForbiddenItems($this->getSourcePath($path1));
throw new ForbiddenException('Invalid path', false);
}
} }
return rename($this->getSourcePath($path1), $this->getSourcePath($path2)); return rename($this->getSourcePath($path1), $this->getSourcePath($path2));
@ -435,7 +431,7 @@ class Local extends \OC\Files\Storage\Common {
*/ */
public function getSourcePath($path) { public function getSourcePath($path) {
if (Filesystem::isFileBlacklisted($path)) { if (Filesystem::isFileBlacklisted($path)) {
throw new ForbiddenException('Invalid path', false); throw new ForbiddenException('Invalid path: ' . $path, false);
} }
$fullPath = $this->datadir . $path; $fullPath = $this->datadir . $path;
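Review bot: The new message in `checkTreeForForbiddenItems` embeds `$file->getPathname()`, which for an iterator built from `getSourcePath($path1)` is the absolute on-disk path including `$this->datadir`, so the server's data-directory layout ends up in the exception text. The `getSourcePath` message only appends the storage-relative `$path` and does not have this problem. If `ForbiddenException` messages are returned to the client (the handling is not visible here), this is a path disclosure; assuming the source path still begins with `$this->datadir`, I would report it relative to the storage root, e.g. `'Invalid path: ' . substr($file->getPathname(), strlen($this->datadir))`, and keep the full path for the server log only. Since the helper now signals only by throwing, it should also declare `: void` and carry a `@throws ForbiddenException` docblock. The bodies of `rename` and `getSourcePath` continue outside the visible hunks.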