From fdf7eb10a2ab782ad1167c808ffee595832988dc Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Fri, 19 Jun 2020 14:57:58 +0200 Subject: [PATCH] show better error messages when a file with a forbidden path is encountered Signed-off-by: Robin Appelman --- lib/private/Files/Storage/Local.php | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php index 944b0b6995..c21364847e 100644 --- a/lib/private/Files/Storage/Local.php +++ b/lib/private/Files/Storage/Local.php @@ -288,16 +288,14 @@ class Local extends \OC\Files\Storage\Common { } } - private function treeContainsBlacklistedFile(string $path): bool { + private function checkTreeForForbiddenItems(string $path) { $iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($path)); foreach ($iterator as $file) { /** @var \SplFileInfo $file */ if (Filesystem::isFileBlacklisted($file->getBasename())) { - return true; + throw new ForbiddenException('Invalid path: ' . $file->getPathname(), false); } } - - return false; } public function rename($path1, $path2) { @@ -337,9 +335,7 @@ class Local extends \OC\Files\Storage\Common { return $result; } - if ($this->treeContainsBlacklistedFile($this->getSourcePath($path1))) { - throw new ForbiddenException('Invalid path', false); - } + $this->checkTreeForForbiddenItems($this->getSourcePath($path1)); } return rename($this->getSourcePath($path1), $this->getSourcePath($path2)); @@ -437,7 +433,7 @@ class Local extends \OC\Files\Storage\Common { */ public function getSourcePath($path) { if (Filesystem::isFileBlacklisted($path)) { - throw new ForbiddenException('Invalid path', false); + throw new ForbiddenException('Invalid path: ' . $path, false); } $fullPath = $this->datadir . $path;