This prevents a misusage of \OC\Files\View by calling it with user-supplied input. In such cases an exception is now thrown.
*/
protected $updater;
+ /**
+ * @param string $root
+ * @throws \Exception If $root contains an invalid path
+ */
public function __construct($root = '') {
+ if(!Filesystem::isValidPath($root)) {
+ throw new \Exception();
+ }
+
$this->fakeRoot = $root;
$this->updater = new Updater($this);
}
$this->assertFalse($view->unlink('foo.txt'));
$this->assertTrue($cache->inCache('foo.txt'));
}
+
+ function directoryTraversalProvider() {
+ return [
+ ['../test/'],
+ ['..\\test\\my/../folder'],
+ ['/test/my/../foo\\'],
+ ];
+ }
+
+ /**
+ * @dataProvider directoryTraversalProvider
+ * @expectedException \Exception
+ * @param string $root
+ */
+ public function testConstructDirectoryTraversalException($root) {
+ new \OC\Files\View($root);
+ }
}