Merge pull request #17879 from owncloud/scan-check-path
check if the user is trying to scan a valid path
This commit is contained in:
commit
c030ae9dec
|
@ -131,6 +131,9 @@ class Scanner extends PublicEmitter {
|
|||
* @throws \OC\ForbiddenException
|
||||
*/
|
||||
public function scan($dir = '') {
|
||||
if (!Filesystem::isValidPath($dir)) {
|
||||
throw new \InvalidArgumentException('Invalid path to scan');
|
||||
}
|
||||
$mounts = $this->getMounts($dir);
|
||||
foreach ($mounts as $mount) {
|
||||
if (is_null($mount->getStorage())) {
|
||||
|
|
|
@ -189,4 +189,32 @@ class Scanner extends \Test\TestCase {
|
|||
$newInfo = $cache->get('');
|
||||
$this->assertNotEquals($oldInfo['etag'], $newInfo['etag']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function invalidPathProvider() {
|
||||
return [
|
||||
[
|
||||
'../',
|
||||
],
|
||||
[
|
||||
'..\\',
|
||||
],
|
||||
[
|
||||
'../..\\../',
|
||||
],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider invalidPathProvider
|
||||
* @expectedException \InvalidArgumentException
|
||||
* @expectedExceptionMessage Invalid path to scan
|
||||
* @param string $invalidPath
|
||||
*/
|
||||
public function testInvalidPathScanning($invalidPath) {
|
||||
$scanner = new TestScanner('', \OC::$server->getDatabaseConnection());
|
||||
$scanner->scan($invalidPath);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue