upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-15 22:11:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Merge pull request #29902 from nextcloud/backport/29895/stable22

Browse source 
[stable22] Check for invalid characters before trimming
This commit is contained in:
Louis 2021-11-25 16:32:15 +01:00 committed by GitHub
commit 9e43ab5252
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 32 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
build/integration/features/bootstrap/WebDav.php
View file

@ -458,7 +458,10 @@ trait WebDav {
try {
$this->response = $this->makeDavRequest($user, "PUT", $destination, [], $file);
} catch (\GuzzleHttp\Exception\ServerException $e) {
// 4xx and 5xx responses cause an exception
// 5xx responses cause a server exception
$this->response = $e->getResponse();
} catch (\GuzzleHttp\Exception\ClientException $e) {
// 4xx responses cause a client exception
$this->response = $e->getResponse();
}
}
@ -487,7 +490,10 @@ trait WebDav {
try {
$this->response = $this->makeDavRequest($user, "PUT", $destination, [], $file);
} catch (\GuzzleHttp\Exception\ServerException $e) {
// 4xx and 5xx responses cause an exception
// 5xx responses cause a server exception
$this->response = $e->getResponse();
} catch (\GuzzleHttp\Exception\ClientException $e) {
// 4xx responses cause a client exception
$this->response = $e->getResponse();
}
}
@ -502,7 +508,10 @@ trait WebDav {
try {
$this->response = $this->makeDavRequest($user, 'DELETE', $file, []);
} catch (\GuzzleHttp\Exception\ServerException $e) {
// 4xx and 5xx responses cause an exception
// 5xx responses cause a server exception
$this->response = $e->getResponse();
} catch (\GuzzleHttp\Exception\ClientException $e) {
// 4xx responses cause a client exception
$this->response = $e->getResponse();
}
}
@ -517,7 +526,10 @@ trait WebDav {
$destination = '/' . ltrim($destination, '/');
$this->response = $this->makeDavRequest($user, "MKCOL", $destination, []);
} catch (\GuzzleHttp\Exception\ServerException $e) {
// 4xx and 5xx responses cause an exception
// 5xx responses cause a server exception
$this->response = $e->getResponse();
} catch (\GuzzleHttp\Exception\ClientException $e) {
// 4xx responses cause a client exception
$this->response = $e->getResponse();
}
}
@ -588,8 +600,12 @@ trait WebDav {
public function downloadingFileAs($fileName, $user) {
try {
$this->response = $this->makeDavRequest($user, 'GET', $fileName, []);
} catch (\GuzzleHttp\Exception\ServerException $ex) {
$this->response = $ex->getResponse();
} catch (\GuzzleHttp\Exception\ServerException $e) {
// 5xx responses cause a server exception
$this->response = $e->getResponse();
} catch (\GuzzleHttp\Exception\ClientException $e) {
// 4xx responses cause a client exception
$this->response = $e->getResponse();
}
}

9
build/integration/features/webdav-related.feature
View file

@ -608,3 +608,12 @@ Feature: webdav-related
And user "user0" uploads new chunk file "3" with "CCCCC" to id "chunking-42"
When user "user0" moves new chunk file with id "chunking-42" to "/myChunkedFile.txt" with size 15
Then the HTTP status code should be "201"
Scenario: Creating a folder with invalid characters
Given using new dav path
And As an "admin"
And user "user0" exists
And user "user1" exists
And As an "user1"
And user "user1" created a folder "/testshare "
Then the HTTP status code should be "400"

2
lib/private/Files/Storage/Common.php
View file

@ -554,8 +554,8 @@ abstract class Common implements Storage, ILockingStorage, IWriteStreamStorage {
* @throws InvalidPathException
*/
protected function verifyPosixPath($fileName) {
$fileName = trim($fileName);
$this->scanForInvalidCharacters($fileName, "\\/");
$fileName = trim($fileName);
$reservedNames = ['*'];
if (in_array($fileName, $reservedNames)) {
throw new ReservedWordException();