Merge pull request #2821 from owncloud/fix-2159-rename-to-shared

fix allowed rename of folder in root directory to reserved name "Shared"

apps/files/ajax/rename.php

@@ -1,26 +1,41 @@
 <?php
 
-// Init owncloud
-
+/**
+ * ownCloud - Core
+ *
+ * @author Morris Jobke
+ * @copyright 2013 Morris Jobke morris.jobke@gmail.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
 
 OCP\JSON::checkLoggedIn();
 OCP\JSON::callCheck();
 
-// Get data
-$dir = stripslashes($_GET["dir"]);
-$file = stripslashes($_GET["file"]);
-$newname = stripslashes($_GET["newname"]);
+$files = new \OCA\Files\App(
+	\OC\Files\Filesystem::getView(),
+	\OC_L10n::get('files')
+);
+$result = $files->rename(
+	$_GET["dir"],
+	$_GET["file"],
+	$_GET["newname"]
+);
 
-$l = OC_L10N::get('files');
-
-if ( $newname !== '.' and ($dir != '' || $file != 'Shared') and $newname !== '.') {
-	$targetFile = \OC\Files\Filesystem::normalizePath($dir . '/' . $newname);
-	$sourceFile = \OC\Files\Filesystem::normalizePath($dir . '/' . $file);
-	if(\OC\Files\Filesystem::rename($sourceFile, $targetFile)) {
-		OCP\JSON::success(array("data" => array( "dir" => $dir, "file" => $file, "newname" => $newname )));
-	} else {
-		OCP\JSON::error(array("data" => array( "message" => $l->t("Unable to rename file") )));
-	}
-}else{
-	OCP\JSON::error(array("data" => array( "message" => $l->t("Unable to rename file") )));
-}
+if($result['success'] === true){
+	OCP\JSON::success(array('data' => $result['data']));
+} else {
+	OCP\JSON::error(array('data' => $result['data']));
+}

apps/files/lib/app.php

@@ -0,0 +1,79 @@
+<?php
+
+/**
+ * ownCloud - Core
+ *
+ * @author Morris Jobke
+ * @copyright 2013 Morris Jobke morris.jobke@gmail.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Files;
+
+class App {
+	private $l10n;
+	private $view;
+
+	public function __construct($view, $l10n) {
+		$this->view = $view;
+		$this->l10n = $l10n;
+	}
+
+	/**
+	 * rename a file
+	 *
+	 * @param string $dir
+	 * @param string $oldname
+	 * @param string $newname
+	 * @return array
+	 */
+	public function rename($dir, $oldname, $newname) {
+		$result = array(
+			'success' 	=> false,
+			'data'		=> NULL
+		);
+
+		// rename to "/Shared" is denied
+		if( $dir === '/' and $newname === 'Shared' ) {
+			$result['data'] = array(
+				'message'	=> $this->l10n->t("Invalid folder name. Usage of 'Shared' is reserved by ownCloud")
+			);
+		} elseif(
+			// rename to "." is denied
+			$newname !== '.' and
+			// rename of  "/Shared" is denied
+			!($dir === '/' and $oldname === 'Shared') and
+			// THEN try to rename
+			$this->view->rename($dir . '/' . $oldname, $dir . '/' . $newname)
+		) {
+			// successful rename
+			$result['success'] = true;
+			$result['data'] = array(
+				'dir'		=> $dir,
+				'file'		=> $oldname,
+				'newname'	=> $newname
+			);
+		} else {
+			// rename failed
+			$result['data'] = array(
+				'message'	=> $this->l10n->t('Unable to rename file')
+			);
+		}
+		return $result;
+	}
+
+}

apps/files/tests/ajax_rename.php

@@ -0,0 +1,117 @@
+<?php
+
+/**
+ * ownCloud - Core
+ *
+ * @author Morris Jobke
+ * @copyright 2013 Morris Jobke morris.jobke@gmail.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+class Test_OC_Files_App_Rename extends \PHPUnit_Framework_TestCase {
+
+	function setUp() {
+		// mock OC_L10n
+		$l10nMock = $this->getMock('\OC_L10N', array('t'), array(), '', false);
+		$l10nMock->expects($this->any())
+			->method('t')
+			->will($this->returnArgument(0));
+		$viewMock = $this->getMock('\OC\Files\View', array('rename', 'normalizePath'), array(), '', false);
+		$viewMock->expects($this->any())
+			->method('normalizePath')
+			->will($this->returnArgument(0));
+		$viewMock->expects($this->any())
+			->method('rename')
+			->will($this->returnValue(true));
+		$this->files = new \OCA\Files\App($viewMock, $l10nMock);
+	}
+
+	/**
+	 * @brief test rename of file/folder named "Shared"
+	 */
+	function testRenameSharedFolder() {
+		$dir = '/';
+		$oldname = 'Shared';
+		$newname = 'new_name';
+
+		$result = $this->files->rename($dir, $oldname, $newname);
+		$expected = array(
+			'success'	=> false,
+			'data'		=> array('message' => 'Unable to rename file')
+		);
+
+		$this->assertEquals($expected, $result);
+	}
+
+	/**
+	 * @brief test rename of file/folder named "Shared"
+	 */
+	function testRenameSharedFolderInSubdirectory() {
+		$dir = '/test';
+		$oldname = 'Shared';
+		$newname = 'new_name';
+
+		$result = $this->files->rename($dir, $oldname, $newname);
+		$expected = array(
+			'success'	=> true,
+			'data'		=> array(
+				'dir'		=> $dir,
+				'file'		=> $oldname,
+				'newname'	=> $newname
+			)
+		);
+
+		$this->assertEquals($expected, $result);
+	}
+
+	/**
+	 * @brief test rename of file/folder to "Shared"
+	 */
+	function testRenameFolderToShared() {
+		$dir = '/';
+		$oldname = 'oldname';
+		$newname = 'Shared';
+
+		$result = $this->files->rename($dir, $oldname, $newname);
+		$expected = array(
+			'success'	=> false,
+			'data'		=> array('message' => "Invalid folder name. Usage of 'Shared' is reserved by ownCloud")
+		);
+
+		$this->assertEquals($expected, $result);
+	}
+
+	/**
+	 * @brief test rename of file/folder
+	 */
+	function testRenameFolder() {
+		$dir = '/';
+		$oldname = 'oldname';
+		$newname = 'newname';
+
+		$result = $this->files->rename($dir, $oldname, $newname);
+		$expected = array(
+			'success'	=> true,
+			'data'		=> array(
+				'dir'		=> $dir,
+				'file'		=> $oldname,
+				'newname'	=> $newname
+			)
+		);
+
+		$this->assertEquals($expected, $result);
+	}
+}