From 6ae5ae2e3167c9fe15a24cdb9657ec5fa1a99188 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Fri, 5 Jun 2015 16:21:55 +0200 Subject: [PATCH 1/2] Prevent deleting Webdav root --- lib/private/connector/sabre/directory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/private/connector/sabre/directory.php b/lib/private/connector/sabre/directory.php index 6e028ca9da..85756f112e 100644 --- a/lib/private/connector/sabre/directory.php +++ b/lib/private/connector/sabre/directory.php @@ -230,7 +230,7 @@ class Directory extends \OC\Connector\Sabre\Node */ public function delete() { - if (!$this->info->isDeletable()) { + if ($this->path === '' || $this->path === '/' || !$this->info->isDeletable()) { throw new \Sabre\DAV\Exception\Forbidden(); } From b97be0ea02a62a8ed4c58d254714f280e071d16a Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Fri, 5 Jun 2015 19:04:59 +0200 Subject: [PATCH 2/2] Fix sabre directory test cases - rely on a mock subfolder instead of the root - remove obsolete "Shared" limitation tests which did pass but not for the right reasons - added test for the prevention of root deletion --- tests/lib/connector/sabre/directory.php | 39 ++++++++++--------------- 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/tests/lib/connector/sabre/directory.php b/tests/lib/connector/sabre/directory.php index a048c7ab30..c846f109d8 100644 --- a/tests/lib/connector/sabre/directory.php +++ b/tests/lib/connector/sabre/directory.php @@ -20,14 +20,14 @@ class Test_OC_Connector_Sabre_Directory extends \Test\TestCase { $this->info = $this->getMock('OC\Files\FileInfo', array(), array(), '', false); } - private function getRootDir() { + private function getDir($path = '/') { $this->view->expects($this->once()) ->method('getRelativePath') - ->will($this->returnValue('')); + ->will($this->returnValue($path)); $this->info->expects($this->once()) ->method('getPath') - ->will($this->returnValue('')); + ->will($this->returnValue($path)); return new \OC\Connector\Sabre\Directory($this->view, $this->info); } @@ -35,24 +35,13 @@ class Test_OC_Connector_Sabre_Directory extends \Test\TestCase { /** * @expectedException \Sabre\DAV\Exception\Forbidden */ - public function testCreateSharedFileFails() { - $dir = $this->getRootDir(); - $dir->createFile('Shared'); - } - - /** - * @expectedException \Sabre\DAV\Exception\Forbidden - */ - public function testCreateSharedFolderFails() { - $dir = $this->getRootDir(); - $dir->createDirectory('Shared'); - } - - /** - * @expectedException \Sabre\DAV\Exception\Forbidden - */ - public function testDeleteSharedFolderFails() { - $dir = $this->getRootDir(); + public function testDeleteRootFolderFails() { + $this->info->expects($this->any()) + ->method('isDeletable') + ->will($this->returnValue(true)); + $this->view->expects($this->never()) + ->method('rmdir'); + $dir = $this->getDir(); $dir->delete(); } @@ -68,9 +57,10 @@ class Test_OC_Connector_Sabre_Directory extends \Test\TestCase { // but fails $this->view->expects($this->once()) ->method('rmdir') + ->with('sub') ->will($this->returnValue(true)); - $dir = $this->getRootDir(); + $dir = $this->getDir('sub'); $dir->delete(); } @@ -82,7 +72,7 @@ class Test_OC_Connector_Sabre_Directory extends \Test\TestCase { ->method('isDeletable') ->will($this->returnValue(false)); - $dir = $this->getRootDir(); + $dir = $this->getDir('sub'); $dir->delete(); } @@ -98,9 +88,10 @@ class Test_OC_Connector_Sabre_Directory extends \Test\TestCase { // but fails $this->view->expects($this->once()) ->method('rmdir') + ->with('sub') ->will($this->returnValue(false)); - $dir = $this->getRootDir(); + $dir = $this->getDir('sub'); $dir->delete(); }