*/
private array $forbiddenNames = [];
+ /**
+ * @var list<string>
+ */
+ private array $forbiddenBasenames = [];
/**
* @var list<string>
*/
*/
public function getForbiddenExtensions(): array {
if (empty($this->forbiddenExtensions)) {
- $forbiddenExtensions = $this->config->getSystemValue('forbidden_filename_extensions', ['.filepart']);
- if (!is_array($forbiddenExtensions)) {
- $this->logger->error('Invalid system config value for "forbidden_filename_extensions" is ignored.');
- $forbiddenExtensions = ['.filepart'];
- }
+ $forbiddenExtensions = $this->getConfigValue('forbidden_filename_extensions', ['.filepart']);
// Always forbid .part files as they are used internally
- $forbiddenExtensions = array_merge($forbiddenExtensions, ['.part']);
+ $forbiddenExtensions[] = '.part';
- // The list is case insensitive so we provide it always lowercase
- $forbiddenExtensions = array_map('mb_strtolower', $forbiddenExtensions);
$this->forbiddenExtensions = array_values($forbiddenExtensions);
}
return $this->forbiddenExtensions;
*/
public function getForbiddenFilenames(): array {
if (empty($this->forbiddenNames)) {
- $forbiddenNames = $this->config->getSystemValue('forbidden_filenames', ['.htaccess']);
- if (!is_array($forbiddenNames)) {
- $this->logger->error('Invalid system config value for "forbidden_filenames" is ignored.');
- $forbiddenNames = ['.htaccess'];
- }
+ $forbiddenNames = $this->getConfigValue('forbidden_filenames', ['.htaccess']);
// Handle legacy config option
// TODO: Drop with Nextcloud 34
- $legacyForbiddenNames = $this->config->getSystemValue('blacklisted_files', []);
- if (!is_array($legacyForbiddenNames)) {
- $this->logger->error('Invalid system config value for "blacklisted_files" is ignored.');
- $legacyForbiddenNames = [];
- }
+ $legacyForbiddenNames = $this->getConfigValue('blacklisted_files', []);
if (!empty($legacyForbiddenNames)) {
$this->logger->warning('System config option "blacklisted_files" is deprecated and will be removed in Nextcloud 34, use "forbidden_filenames" instead.');
}
$forbiddenNames = array_merge($legacyForbiddenNames, $forbiddenNames);
- // The list is case insensitive so we provide it always lowercase
- $forbiddenNames = array_map('mb_strtolower', $forbiddenNames);
+ // Ensure we are having a proper string list
$this->forbiddenNames = array_values($forbiddenNames);
}
return $this->forbiddenNames;
}
+ /**
+ * Get a list of forbidden file basenames that must not be used
+ * This list should be checked case-insensitive, all names are returned lowercase.
+ * @return list<string>
+ * @since 30.0.0
+ */
+ public function getForbiddenBasenames(): array {
+ if (empty($this->forbiddenBasenames)) {
+ $forbiddenBasenames = $this->getConfigValue('forbidden_filename_basenames', []);
+ // Ensure we are having a proper string list
+ $this->forbiddenBasenames = array_values($forbiddenBasenames);
+ }
+ return $this->forbiddenBasenames;
+ }
+
/**
* Get a list of characters forbidden in filenames
*
* @return bool True if invalid name, False otherwise
*/
public function isForbidden(string $path): bool {
+ // We support paths here as this function is also used in some storage internals
$filename = basename($path);
$filename = mb_strtolower($filename);
return false;
}
- // The name part without extension
- $basename = substr($filename, 0, strpos($filename, '.', 1) ?: null);
// Check for forbidden filenames
$forbiddenNames = $this->getForbiddenFilenames();
+ if (in_array($filename, $forbiddenNames)) {
+ return true;
+ }
+
+ // Check for forbidden basenames - basenames are the part of the file until the first dot
+ // (except if the dot is the first character as this is then part of the basename "hidden files")
+ $basename = substr($filename, 0, strpos($filename, '.', 1) ?: null);
+ $forbiddenNames = $this->getForbiddenBasenames();
if (in_array($basename, $forbiddenNames)) {
return true;
}
foreach ($this->getForbiddenCharacters() as $char) {
if (str_contains($filename, $char)) {
- throw new InvalidCharacterInPathException($char);
+ throw new InvalidCharacterInPathException($this->l10n->t('Invalid character "%1$s" in filename', [$char]));
}
}
}
}
}
}
+
+ /**
+ * Helper to get lower case list from config with validation
+ * @return string[]
+ */
+ private function getConfigValue(string $key, array $fallback): array {
+ $values = $this->config->getSystemValue($key, ['.filepart']);
+ if (!is_array($values)) {
+ $this->logger->error('Invalid system config value for "' . $key . '" is ignored.');
+ $values = $fallback;
+ }
+
+ return array_map('mb_strtolower', $values);
+ }
};
public function testValidateFilename(
string $filename,
array $forbiddenNames,
+ array $forbiddenBasenames,
array $forbiddenExtensions,
array $forbiddenCharacters,
?string $exception,
): void {
/** @var FilenameValidator&MockObject */
$validator = $this->getMockBuilder(FilenameValidator::class)
- ->onlyMethods(['getForbiddenExtensions', 'getForbiddenFilenames', 'getForbiddenCharacters'])
+ ->onlyMethods([
+ 'getForbiddenBasenames',
+ 'getForbiddenCharacters',
+ 'getForbiddenExtensions',
+ 'getForbiddenFilenames',
+ ])
->setConstructorArgs([$this->l10n, $this->config, $this->logger])
->getMock();
+ $validator->method('getForbiddenBasenames')
+ ->willReturn($forbiddenBasenames);
$validator->method('getForbiddenCharacters')
->willReturn($forbiddenCharacters);
$validator->method('getForbiddenExtensions')
public function testIsFilenameValid(
string $filename,
array $forbiddenNames,
+ array $forbiddenBasenames,
array $forbiddenExtensions,
array $forbiddenCharacters,
?string $exception,
): void {
/** @var FilenameValidator&MockObject */
$validator = $this->getMockBuilder(FilenameValidator::class)
- ->onlyMethods(['getForbiddenExtensions', 'getForbiddenFilenames', 'getForbiddenCharacters'])
+ ->onlyMethods([
+ 'getForbiddenBasenames',
+ 'getForbiddenExtensions',
+ 'getForbiddenFilenames',
+ 'getForbiddenCharacters',
+ ])
->setConstructorArgs([$this->l10n, $this->config, $this->logger])
->getMock();
+ $validator->method('getForbiddenBasenames')
+ ->willReturn($forbiddenBasenames);
$validator->method('getForbiddenCharacters')
->willReturn($forbiddenCharacters);
$validator->method('getForbiddenExtensions')
public function dataValidateFilename(): array {
return [
'valid name' => [
- 'a: b.txt', ['.htaccess'], [], [], null
+ 'a: b.txt', ['.htaccess'], [], [], [], null
],
'valid name with some more parameters' => [
- 'a: b.txt', ['.htaccess'], ['exe'], ['~'], null
+ 'a: b.txt', ['.htaccess'], [], ['exe'], ['~'], null
+ ],
+ 'valid name checks only the full name' => [
+ '.htaccess.sample', ['.htaccess'], [], [], [], null
],
'forbidden name' => [
- '.htaccess', ['.htaccess'], [], [], ReservedWordException::class
+ '.htaccess', ['.htaccess'], [], [], [], ReservedWordException::class
],
'forbidden name - name is case insensitive' => [
- 'COM1', ['.htaccess', 'com1'], [], [], ReservedWordException::class
+ 'COM1', ['.htaccess', 'com1'], [], [], [], ReservedWordException::class
+ ],
+ 'forbidden basename' => [
+ // needed for Windows namespaces
+ 'com1.suffix', ['.htaccess'], ['com1'], [], [], ReservedWordException::class
],
- 'forbidden name - name checks the filename' => [
+ 'forbidden basename for hidden files' => [
// needed for Windows namespaces
- 'com1.suffix', ['.htaccess', 'com1'], [], [], ReservedWordException::class
+ '.thumbs.db', ['.htaccess'], ['.thumbs'], [], [], ReservedWordException::class
],
'invalid character' => [
- 'a: b.txt', ['.htaccess'], [], [':'], InvalidCharacterInPathException::class
+ 'a: b.txt', ['.htaccess'], [], [], [':'], InvalidCharacterInPathException::class
],
'invalid path' => [
- '../../foo.bar', ['.htaccess'], [], ['/', '\\'], InvalidCharacterInPathException::class,
+ '../../foo.bar', ['.htaccess'], [], [], ['/', '\\'], InvalidCharacterInPathException::class,
],
'invalid extension' => [
- 'a: b.txt', ['.htaccess'], ['.txt'], [], InvalidPathException::class
+ 'a: b.txt', ['.htaccess'], [], ['.txt'], [], InvalidPathException::class
],
'empty filename' => [
- '', [], [], [], EmptyFileNameException::class
+ '', [], [], [], [], EmptyFileNameException::class
],
'reserved unix name "."' => [
- '.', [], [], [], InvalidPathException::class
+ '.', [], [], [], [], InvalidPathException::class
],
'reserved unix name ".."' => [
- '..', [], [], [], ReservedWordException::class
+ '..', [], [], [], [], ReservedWordException::class
],
'too long filename "."' => [
- str_repeat('a', 251), [], [], [], FileNameTooLongException::class
+ str_repeat('a', 251), [], [], [], [], FileNameTooLongException::class
],
// make sure to not split the list entries as they migh contain Unicode sequences
// in this example the "face in clouds" emoji contains the clouds emoji so only having clouds is ok
- ['π«οΈ.txt', ['.htaccess'], [], ['πΆβπ«οΈ'], null],
+ ['π«οΈ.txt', ['.htaccess'], [], [], ['πΆβπ«οΈ'], null],
// This is the reverse: clouds are forbidden -> so is also the face in the clouds emoji
- ['πΆβπ«οΈ.txt', ['.htaccess'], [], ['π«οΈ'], InvalidCharacterInPathException::class],
+ ['πΆβπ«οΈ.txt', ['.htaccess'], [], [], ['π«οΈ'], InvalidCharacterInPathException::class],
];
}
/**
* @dataProvider dataIsForbidden
*/
- public function testIsForbidden(string $filename, array $forbiddenNames, bool $expected): void {
+ public function testIsForbidden(string $filename, array $forbiddenNames, array $forbiddenBasenames, bool $expected): void {
/** @var FilenameValidator&MockObject */
$validator = $this->getMockBuilder(FilenameValidator::class)
- ->onlyMethods(['getForbiddenFilenames'])
+ ->onlyMethods(['getForbiddenFilenames', 'getForbiddenBasenames'])
->setConstructorArgs([$this->l10n, $this->config, $this->logger])
->getMock();
+ $validator->method('getForbiddenBasenames')
+ ->willReturn($forbiddenBasenames);
$validator->method('getForbiddenFilenames')
->willReturn($forbiddenNames);
-
- $this->assertEquals($expected, $validator->isFilenameValid($filename));
+ $this->assertEquals($expected, $validator->isForbidden($filename));
}
public function dataIsForbidden(): array {
return [
'valid name' => [
- 'a: b.txt', ['.htaccess'], true
+ 'a: b.txt', ['.htaccess'], [], false
],
'valid name with some more parameters' => [
- 'a: b.txt', ['.htaccess'], true
+ 'a: b.txt', ['.htaccess'], [], false
+ ],
+ 'valid name as only full forbidden should be matched' => [
+ '.htaccess.sample', ['.htaccess'], [], false,
],
'forbidden name' => [
- '.htaccess', ['.htaccess'], false
+ '.htaccess', ['.htaccess'], [], true
],
'forbidden name - name is case insensitive' => [
- 'COM1', ['.htaccess', 'com1'], false
+ 'COM1', ['.htaccess', 'com1'], [], true,
+ ],
+ 'forbidden name - basename is checked' => [
+ // needed for Windows namespaces
+ 'com1.suffix', ['.htaccess'], ['com1'], true
],
- 'forbidden name - name checks the filename' => [
+ 'forbidden name - basename is checked also with multiple extensions' => [
// needed for Windows namespaces
- 'com1.suffix', ['.htaccess', 'com1'], false
+ 'com1.tar.gz', ['.htaccess'], ['com1'], true
],
];
}
projects / nextcloud-server.git / commitdiff