check for filename blacklist in OC_Filesystem::isValidPath
authorRobin Appelman <icewind@owncloud.com>
Fri, 2 Nov 2012 23:21:10 +0000 (00:21 +0100)
committerRobin Appelman <icewind@owncloud.com>
Fri, 2 Nov 2012 23:26:36 +0000 (00:26 +0100)
lib/filesystem.php
tests/lib/filesystem.php

index 79bce2c6d0072c27b9b72efc7703552c2222bf6a..852290e62ac3ea26b23899a83de363456ae5fb8b 100644 (file)
@@ -403,6 +403,9 @@ class OC_Filesystem{
                if(strstr($path, '/../') || strrchr($path, '/') === '/..' ) {
                        return false;
                }
+               if(self::isFileBlacklisted($path)){
+                       return false;
+               }
                return true;
        }
 
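Review bot: The added `isFileBlacklisted($path)` call in `isValidPath` matches only `basename()` of the path as it was passed in, and the `/../` test just above suggests the path is not canonicalised at this point. A path that resolves to a blacklisted file but whose last segment differs textually would not be caught, so the check should run on a normalised path; whether callers normalise first is not visible here. At minimum, document the precondition with a comment such as `// $path must be normalised before this point: the blacklist is matched on basename() only`. `isValidPath` starts outside this hunk, and its docblock should also say that it now rejects blacklisted file names.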
@@ -412,20 +415,22 @@ class OC_Filesystem{
         * @param array $data from hook
         */
        static public function isBlacklisted($data) {
-               $blacklist = array('.htaccess');
                if (isset($data['path'])) {
                        $path = $data['path'];
                } else if (isset($data['newpath'])) {
                        $path = $data['newpath'];
                }
                if (isset($path)) {
-                       $filename = strtolower(basename($path));
-                       if (in_array($filename, $blacklist)) {
-                               $data['run'] = false;
-                       }
+                       $data['run'] = !self::isFileBlacklisted($path);
                }
        }
 
+       static public function isFileBlacklisted($path){
+               $blacklist = array('.htaccess');
+               $filename = strtolower(basename($path));
+               return in_array($filename, $blacklist);
+       }
+
        /**
         * following functions are equivilent to their php buildin equivilents for arguments/return values.
         */
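Review bot: The rewritten assignment in `isBlacklisted` now writes `$data['run']` on every call, so a path that is not blacklisted sets it to `true`, whereas the removed code only ever set it to `false`. If another listener on the same hook has already vetoed the operation through the shared `run` flag (not visible in this hunk), this listener would re-enable it. Keep the one-way veto: `if (self::isFileBlacklisted($path)) { $data['run'] = false; }`. The new `isFileBlacklisted` also has no docblock and calls `in_array` without the strict flag; a short docblock stating that it matches the lower-cased basename, and `in_array($filename, $blacklist, true)`, would make the contract explicit.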
index 07c25e1498ac9048f4436306eeb8d73d40766991..0008336383efae0ba1be56a9112b4694d60f5b9d 100644 (file)
@@ -101,6 +101,7 @@ class Test_Filesystem extends UnitTestCase {
                $rootView->mkdir('/' . $user);
                $rootView->mkdir('/' . $user . '/files');
 
+               $this->assertFalse($rootView->file_put_contents('/.htaccess', 'foo'));
                $this->assertFalse(OC_Filesystem::file_put_contents('/.htaccess', 'foo'));
                $fh = fopen(__FILE__, 'r');
                $this->assertFalse(OC_Filesystem::file_put_contents('/.htaccess', $fh));
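Review bot: The added assertion covers only the exact lower-case name at the root of the view, while `isFileBlacklisted` lower-cases the basename and is meant to apply in any directory. Add one mixed-case, nested case so a regression in either step is caught, for example `$this->assertFalse($rootView->file_put_contents('/' . $user . '/files/.HTACCESS', 'foo'));`. The test method starts and ends outside this hunk, so the expected return value for that path is inferred from the new `isValidPath` check rather than confirmed.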