From: Joas Schilling Date: Wed, 2 Nov 2016 08:23:01 +0000 (+0100) Subject: Make sure we don't scan files that can not be accessed X-Git-Tag: v11.0RC2~177^2~1 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=4652d203e37d06b427872888ccb17227c1e0818b;p=nextcloud-server.git Make sure we don't scan files that can not be accessed Signed-off-by: Joas Schilling --- diff --git a/lib/private/Files/Cache/Scanner.php b/lib/private/Files/Cache/Scanner.php index 28f7be0b65a..237934db7a5 100644 --- a/lib/private/Files/Cache/Scanner.php +++ b/lib/private/Files/Cache/Scanner.php @@ -132,6 +132,24 @@ class Scanner extends BasicEmitter implements IScanner { */ public function scanFile($file, $reuseExisting = 0, $parentId = -1, $cacheData = null, $lock = true) { + if (!\OC::$server->getDatabaseConnection()->supports4ByteText()) { + // verify database - e.g. mysql only 3-byte chars + if (preg_match('%(?: + \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3 + | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15 + | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16 +)%xs', $file)) { + // 4-byte characters are not supported in file names + return null; + } + } + + try { + $this->storage->verifyPath(dirname($file), basename($file)); + } catch (\Exception $e) { + return null; + } + // only proceed if $file is not a partial file nor a blacklisted file if (!self::isPartialFile($file) and !Filesystem::isFileBlacklisted($file)) { @@ -167,6 +185,9 @@ class Scanner extends BasicEmitter implements IScanner { // scan the parent if it's not in the cache (id -1) and the current file is not the root folder if ($file and $parentId === -1) { $parentData = $this->scanFile($parent); + if (!$parentData) { + return null; + } $parentId = $parentData['fileid']; } if ($parent) { diff --git a/tests/lib/Files/Cache/ScannerTest.php b/tests/lib/Files/Cache/ScannerTest.php index b44b6f5d0f5..075716f8033 100644 --- a/tests/lib/Files/Cache/ScannerTest.php +++ b/tests/lib/Files/Cache/ScannerTest.php @@ -70,6 +70,32 @@ class ScannerTest extends \Test\TestCase { $this->assertEquals($cachedData['mimetype'], 'image/png'); } + function testFile4Byte() { + $data = "dummy file data\n"; + $this->storage->file_put_contents('foo🙈.txt', $data); + + if (\OC::$server->getDatabaseConnection()->supports4ByteText()) { + $this->assertNotNull($this->scanner->scanFile('foo🙈.txt')); + $this->assertTrue($this->cache->inCache('foo🙈.txt'), true); + + $cachedData = $this->cache->get('foo🙈.txt'); + $this->assertEquals(strlen($data), $cachedData['size']); + $this->assertEquals('text/plain', $cachedData['mimetype']); + $this->assertNotEquals(-1, $cachedData['parent']); //parent folders should be scanned automatically + } else { + $this->assertNull($this->scanner->scanFile('foo🙈.txt')); + $this->assertFalse($this->cache->inCache('foo🙈.txt'), true); + } + } + + function testFileInvalidChars() { + $data = "dummy file data\n"; + $this->storage->file_put_contents("foo\nbar.txt", $data); + + $this->assertNull($this->scanner->scanFile("foo\nbar.txt")); + $this->assertFalse($this->cache->inCache("foo\nbar.txt"), true); + } + private function fillTestFolders() { $textData = "dummy file data\n"; $imgData = file_get_contents(\OC::$SERVERROOT . '/core/img/logo.png');