From 0b2c9b823c7b421d4305cb25a85074dbde14bc12 Mon Sep 17 00:00:00 2001
From: Vincent Petry
Date: Thu, 21 Nov 2013 17:21:51 +0100
Subject: [PATCH 1/3] Prevent using root as mount point for external storage

Fixes #5981
---
 apps/files_external/lib/config.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/apps/files_external/lib/config.php b/apps/files_external/lib/config.php
index 4364307651..de42fe2f75 100755
--- a/apps/files_external/lib/config.php
+++ b/apps/files_external/lib/config.php
@@ -266,6 +266,11 @@ class OC_Mount_Config {
 $mountType,
 $applicable,
 $isPersonal = false) {
+ $mountPoint = OC\Files\Filesystem::normalizePath($mountPoint);
+ if ($mountPoint === '' || $mountPoint === '/') {
+ // can't mount at root
+ return false;
+ }
 if ($isPersonal) {
 // Verify that the mount point applies for the current user
 // Prevent non-admin users from mounting local storage
From 476d8e6de073a095dda012079e7a6697e481c3c3 Mon Sep 17 00:00:00 2001
From: Vincent Petry
Date: Thu, 21 Nov 2013 17:26:13 +0100
Subject: [PATCH 2/3] Added unit test for root mount point validation

---
 apps/files_external/tests/mountconfig.php | 49 +++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 apps/files_external/tests/mountconfig.php

diff --git a/apps/files_external/tests/mountconfig.php b/apps/files_external/tests/mountconfig.php
new file mode 100644
index 0000000000..77241c4dd2
--- /dev/null
+++ b/apps/files_external/tests/mountconfig.php
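Review bot: In apps/files_external/lib/config.php, the new root check in addMountPoint is an exact string match on the normalised value, so it is only as strong as OC\Files\Filesystem::normalizePath, whose behaviour is not visible in this hunk. If that helper leaves `.` or `..` segments in place, a mount point that still resolves to the root would not be rejected. A comment above the check would make the assumption explicit, e.g. `// relies on normalizePath() returning '/' for every spelling of the root`, and a test with such inputs would confirm it. The early `return false` also gives callers no way to tell a refused mount point from any other false result the function may return. The function's signature starts and its body continues outside the hunk.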
@@ -0,0 +1,49 @@
+
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see .
+ *
+ */
+
+require_once __DIR__ . '/../../../lib/base.php';
+
+require __DIR__ . '/../lib/config.php';
+
+class Test_Mount_Config_Dummy_Storage {
+ public function test() {
+ return true;
+ }
+}
+
+/**
+ * Class Test_Mount_Config
+ */
+class Test_Mount_Config extends \PHPUnit_Framework_TestCase {
+ /**
+ * Test mount point validation
+ */
+ public function testAddMountPointValidation() {
+ $storageClass = 'Test_Mount_Config_Dummy_Storage';
+ $mountType = 'user';
+ $applicable = 'all';
+ $isPersonal = false;
+ $this->assertEquals(false, OC_Mount_Config::addMountPoint('', $storageClass, array(), $mountType, $applicable, $isPersonal));
+ $this->assertEquals(false, OC_Mount_Config::addMountPoint('/', $storageClass, array(), $mountType, $applicable, $isPersonal));
+
+ }
+}
From 2d947835b94362982c98caba68aa1073ab466249 Mon Sep 17 00:00:00 2001
From: Vincent Petry
Date: Fri, 22 Nov 2013 18:36:27 +0100
Subject: [PATCH 3/3] Now also preventing the user of "Shared" as mountpoint

---
 apps/files_external/lib/config.php | 4 ++--
 apps/files_external/tests/mountconfig.php | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/files_external/lib/config.php b/apps/files_external/lib/config.php
index de42fe2f75..aaa6c5be1a 100755
--- a/apps/files_external/lib/config.php
+++ b/apps/files_external/lib/config.php
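Review bot: In apps/files_external/tests/mountconfig.php, `assertEquals(false, ...)` in testAddMountPointValidation compares loosely, so a `null`, `0` or empty-string return from addMountPoint would also pass; `$this->assertFalse(...)` or `$this->assertSame(false, ...)` pins the actual contract. The two assertions added for "Shared" in patch 3/3 have the same issue. The test also contains no accepted mount point, so an addMountPoint that rejects everything would still pass it; one positive case would close that gap, though it may need a config fixture that is not visible here. `require __DIR__ . '/../lib/config.php';` would be safer as `require_once`, matching the line above it, in case the class has already been loaded.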
@@ -267,8 +267,8 @@ class OC_Mount_Config {
 $applicable,
 $isPersonal = false) {
 $mountPoint = OC\Files\Filesystem::normalizePath($mountPoint);
- if ($mountPoint === '' || $mountPoint === '/') {
- // can't mount at root
+ if ($mountPoint === '' || $mountPoint === '/' || $mountPoint == '/Shared') {
+ // can't mount at root or "Shared" folder
 return false;
 }
 if ($isPersonal) {
diff --git a/apps/files_external/tests/mountconfig.php b/apps/files_external/tests/mountconfig.php
index 77241c4dd2..941aec680b 100644
--- a/apps/files_external/tests/mountconfig.php
+++ b/apps/files_external/tests/mountconfig.php
@@ -44,6 +44,8 @@ class Test_Mount_Config extends \PHPUnit_Framework_TestCase {
 $isPersonal = false;
 $this->assertEquals(false, OC_Mount_Config::addMountPoint('', $storageClass, array(), $mountType, $applicable, $isPersonal));
 $this->assertEquals(false, OC_Mount_Config::addMountPoint('/', $storageClass, array(), $mountType, $applicable, $isPersonal));
+ $this->assertEquals(false, OC_Mount_Config::addMountPoint('Shared', $storageClass, array(), $mountType, $applicable, $isPersonal));
+ $this->assertEquals(false, OC_Mount_Config::addMountPoint('/Shared', $storageClass, array(), $mountType, $applicable, $isPersonal));
 
 }
 }
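Review bot: In apps/files_external/lib/config.php, the added `$mountPoint == '/Shared'` uses loose comparison while the two neighbouring checks use `===`; `|| $mountPoint === '/Shared') {` keeps the condition consistent and avoids type juggling if a non-string ever reaches it. The match is also exact and case-sensitive, so paths below the folder (e.g. `/Shared/x`) and other spellings are still accepted. If the intent is to reserve the whole share folder, that calls for a prefix check with its own test; otherwise the comment should state the narrower rule, e.g. `// can't mount at root or at the "Shared" folder itself`. The enclosing function starts before and continues after the hunk.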