Properly check the data dir

* fixes #1364

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index 4764efc035d02e307cd139c4f1e2dd6d7776b56e..4d2097a5b5d282d6760d5546cfc613ff61c73bfc 100644 (file)
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -198,7 +198,8 @@
                        }
                        var afterCall = function(xhr) {
                                var messages = [];
-                               if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText !== '') {
+                               // .ocdata is an empty file in the data directory - if this is readable then the data dir is not protected
+                               if (xhr.status === 200 && xhr.responseText === '') {
                                        messages.push({
                                                msg: t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.'),
                                                type: OC.SetupChecks.MESSAGE_TYPE_ERROR
@@ -209,7 +210,7 @@
 
                        $.ajax({
                                type: 'GET',
-                               url: OC.linkTo('', oc_dataURL+'/htaccesstest.txt?t=' + (new Date()).getTime()),
+                               url: OC.linkTo('', oc_dataURL+'/.ocdata?t=' + (new Date()).getTime()),
                                complete: afterCall,
                                allowAuthErrors: true
                        });

diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js
index 5b2a7881df99c22ec7b7569ef6c6b0e1cfce41c0..faa8a2bf27798da40961b555c7123c7c9636e2fa 100644 (file)
--- a/core/js/tests/specs/setupchecksSpec.js
+++ b/core/js/tests/specs/setupchecksSpec.js
@@ -103,7 +103,7 @@ describe('OC.SetupChecks tests', function() {
                it('should return an error if data directory is not protected', function(done) {
                        var async = OC.SetupChecks.checkDataProtected();
 
-                       suite.server.requests[0].respond(200, {'Content-Type': 'text/plain'}, 'file contents');
+                       suite.server.requests[0].respond(200, {'Content-Type': 'text/plain'}, '');
 
                        async.done(function( data, s, x ){
                                expect(data).toEqual([

diff --git a/lib/private/legacy/util.php b/lib/private/legacy/util.php
index eaa82ec8701107ae7c2f21070209a6679cdc4ac1..55dc5ae7c15194a24c14482f87ebd33015ef5d44 100644 (file)
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@@ -1169,6 +1169,8 @@ class OC_Util {
                }
                fwrite($fp, $testContent);
                fclose($fp);
+
+               return $testContent;
        }
 
        /**