Merge pull request #17879 from owncloud/scan-check-path
check if the user is trying to scan a valid path
This commit is contained in:
commit
c030ae9dec
|
@ -131,6 +131,9 @@ class Scanner extends PublicEmitter {
|
||||||
* @throws \OC\ForbiddenException
|
* @throws \OC\ForbiddenException
|
||||||
*/
|
*/
|
||||||
public function scan($dir = '') {
|
public function scan($dir = '') {
|
||||||
|
if (!Filesystem::isValidPath($dir)) {
|
||||||
|
throw new \InvalidArgumentException('Invalid path to scan');
|
||||||
|
}
|
||||||
$mounts = $this->getMounts($dir);
|
$mounts = $this->getMounts($dir);
|
||||||
foreach ($mounts as $mount) {
|
foreach ($mounts as $mount) {
|
||||||
if (is_null($mount->getStorage())) {
|
if (is_null($mount->getStorage())) {
|
||||||
|
|
|
@ -189,4 +189,32 @@ class Scanner extends \Test\TestCase {
|
||||||
$newInfo = $cache->get('');
|
$newInfo = $cache->get('');
|
||||||
$this->assertNotEquals($oldInfo['etag'], $newInfo['etag']);
|
$this->assertNotEquals($oldInfo['etag'], $newInfo['etag']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public function invalidPathProvider() {
|
||||||
|
return [
|
||||||
|
[
|
||||||
|
'../',
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'..\\',
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'../..\\../',
|
||||||
|
],
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider invalidPathProvider
|
||||||
|
* @expectedException \InvalidArgumentException
|
||||||
|
* @expectedExceptionMessage Invalid path to scan
|
||||||
|
* @param string $invalidPath
|
||||||
|
*/
|
||||||
|
public function testInvalidPathScanning($invalidPath) {
|
||||||
|
$scanner = new TestScanner('', \OC::$server->getDatabaseConnection());
|
||||||
|
$scanner->scan($invalidPath);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue