Extract the remote host from user input in share dropdown

Fix #13678

diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php
index 6059af0196d9ea152978856cfa386ffec77cbb15..55b71ceeeac60961119c0b53d2d4336deac52e59 100644 (file)
--- a/lib/private/share/helper.php
+++ b/lib/private/share/helper.php
@@ -221,4 +221,34 @@ class Helper extends \OC\Share\Constants {
 
                return $expires;
        }
+
+       /**
+        * Extracts the necessary remote name from a given link
+        *
+        * Strips away a potential file name, to allow
+        * - user
+        * - user@localhost
+        * - user@http://localhost
+        * - user@http://localhost/
+        * - user@http://localhost/index.php
+        * - user@http://localhost/index.php/s/{shareToken}
+        *
+        * @param string $shareWith
+        * @return string
+        */
+       public static function fixRemoteURLInShareWith($shareWith) {
+               if (strpos($shareWith, '@')) {
+                       list($user, $remote) = explode('@', $shareWith, 2);
+
+                       $remote = str_replace('\\', '/', $remote);
+                       if ($fileNamePosition = strpos($remote, '/index.php')) {
+                               $remote = substr($remote, 0, $fileNamePosition);
+                       }
+                       $remote = rtrim($remote, '/');
+
+                       $shareWith = $user . '@' . $remote;
+               }
+
+               return rtrim($shareWith, '/');
+       }
 }

diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index bd21bdd4b3ad84222c674af849812e5374b53766..0a630806dc4a763ad674e41a48b3d6fc16e0f6e9 100644 (file)
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -724,7 +724,7 @@ class Share extends \OC\Share\Constants {
                        $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
                                \OCP\Security\ISecureRandom::CHAR_DIGITS);
 
-                       $shareWith = rtrim($shareWith, '/');
+                       $shareWith = Helper::fixRemoteURLInShareWith($shareWith);
                        $shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
 
                        $send = false;

diff --git a/tests/lib/share/helper.php b/tests/lib/share/helper.php
index 7a546410aead60a66e4e3cdac0d9e4c56c6025f3..0385263fd918ec1c46a55d102f9c189d3ef873b1 100644 (file)
--- a/tests/lib/share/helper.php
+++ b/tests/lib/share/helper.php
@@ -49,4 +49,55 @@ class Test_Share_Helper extends \Test\TestCase {
                $result = \OC\Share\Helper::calculateExpireDate($defaultExpireSettings, $creationTime, $userExpireDate);
                $this->assertSame($expected, $result);
        }
+
+       public function fixRemoteURLInShareWithData() {
+               $userPrefix = ['test@', 'na/me@'];
+               $protocols = ['', 'http://', 'https://'];
+               $remotes = [
+                       'localhost',
+                       'test:foobar@localhost',
+                       'local.host',
+                       'dev.local.host',
+                       'dev.local.host/path',
+                       '127.0.0.1',
+                       '::1',
+                       '::192.0.2.128',
+               ];
+
+               $testCases = [
+                       ['test', 'test'],
+                       ['na/me', 'na/me'],
+                       ['na/me/', 'na/me'],
+                       ['na/index.php', 'na/index.php'],
+                       ['http://localhost', 'http://localhost'],
+                       ['http://localhost/', 'http://localhost'],
+                       ['http://localhost/index.php', 'http://localhost/index.php'],
+                       ['http://localhost/index.php/s/token', 'http://localhost/index.php/s/token'],
+                       ['http://test:foobar@localhost', 'http://test:foobar@localhost'],
+                       ['http://test:foobar@localhost/', 'http://test:foobar@localhost'],
+                       ['http://test:foobar@localhost/index.php', 'http://test:foobar@localhost'],
+                       ['http://test:foobar@localhost/index.php/s/token', 'http://test:foobar@localhost'],
+               ];
+
+               foreach ($userPrefix as $user) {
+                       foreach ($remotes as $remote) {
+                               foreach ($protocols as $protocol) {
+                                       $baseUrl = $user . $protocol . $remote;
+
+                                       $testCases[] = [$baseUrl, $baseUrl];
+                                       $testCases[] = [$baseUrl . '/', $baseUrl];
+                                       $testCases[] = [$baseUrl . '/index.php', $baseUrl];
+                                       $testCases[] = [$baseUrl . '/index.php/s/token', $baseUrl];
+                               }
+                       }
+               }
+               return $testCases;
+       }
+
+       /**
+        * @dataProvider fixRemoteURLInShareWithData
+        */
+       public function testFixRemoteURLInShareWith($remote, $expected) {
+               $this->assertSame($expected, \OC\Share\Helper::fixRemoteURLInShareWith($remote));
+       }
 }