upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-21 14:23:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

fix(files): Check if the target path is a descendant of the shared folder path

Browse source 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>

fix: tests

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>

fix: fix tests

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>

fix: add tests

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>

fix: tests
This commit is contained in:
Git'Fellow 2024-09-04 22:24:19 +02:00 committed by backportbot[bot]
parent 8274e3f239
commit 2bb8c023c2
2 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/private/Files/View.php
View file

@ -1794,7 +1794,8 @@ class View {
}, $providers));
foreach ($shares as $share) {
if (str_starts_with($targetPath, $share->getNode()->getPath())) {
$sharedPath = $share->getNode()->getPath();
if ($targetPath === $sharedPath || str_starts_with($targetPath, $sharedPath . '/')) {
$this->logger->debug(
'It is not allowed to move one mount point into a shared folder',
['app' => 'files']);

10
tests/lib/Files/ViewTest.php
View file

@ -1668,17 +1668,24 @@ class ViewTest extends \Test\TestCase {
public function testMoveMountPointIntoSharedFolder() {
self::loginAsUser($this->user);
[$mount1] = $this->createTestMovableMountPoints([
[$mount1, $mount2] = $this->createTestMovableMountPoints([
$this->user . '/files/mount1',
$this->user . '/files/mount2',
]);
$mount1->expects($this->never())
->method('moveMount');
$mount2->expects($this->once())
->method('moveMount')
->willReturn(true);
$view = new View('/' . $this->user . '/files/');
$view->mkdir('shareddir');
$view->mkdir('shareddir/sub');
$view->mkdir('shareddir/sub2');
// Create a similar named but non-shared folder
$view->mkdir('shareddir notshared');
$fileId = $view->getFileInfo('shareddir')->getId();
$userObject = \OC::$server->getUserManager()->createUser('test2', 'IHateNonMockableStaticClasses');
@ -1697,6 +1704,7 @@ class ViewTest extends \Test\TestCase {
$this->assertFalse($view->rename('mount1', 'shareddir'), 'Cannot overwrite shared folder');
$this->assertFalse($view->rename('mount1', 'shareddir/sub'), 'Cannot move mount point into shared folder');
$this->assertFalse($view->rename('mount1', 'shareddir/sub/sub2'), 'Cannot move mount point into shared subfolder');
$this->assertTrue($view->rename('mount2', 'shareddir notshared/sub'), 'Can move mount point into a similarly named but non-shared folder');
$shareManager->deleteShare($share);
$userObject->delete();