From: Ferdinand Thiessen Date: Tue, 27 Aug 2024 12:06:23 +0000 (+0200) Subject: fix: Allow read-only filename validation to allow reading files X-Git-Tag: v30.0.0rc3~20^2~2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=ef3bd0384918022458e57d593a8292549194074c;p=nextcloud-server.git fix: Allow read-only filename validation to allow reading files Needed to read files with the "Windows compatibility" feature. Signed-off-by: Ferdinand Thiessen --- diff --git a/apps/dav/lib/Connector/Sabre/Directory.php b/apps/dav/lib/Connector/Sabre/Directory.php index 427ec59bc31..d56f56890cc 100644 --- a/apps/dav/lib/Connector/Sabre/Directory.php +++ b/apps/dav/lib/Connector/Sabre/Directory.php @@ -173,7 +173,7 @@ class Directory extends \OCA\DAV\Connector\Sabre\Node implements \Sabre\DAV\ICol $path = $this->path . '/' . $name; if (is_null($info)) { try { - $this->fileView->verifyPath($this->path, $name); + $this->fileView->verifyPath($this->path, $name, true); $info = $this->fileView->getFileInfo($path); } catch (\OCP\Files\StorageNotAvailableException $e) { throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage(), 0, $e); diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php index 0e5e433ccb6..d8b240d5b11 100644 --- a/lib/private/Files/View.php +++ b/lib/private/Files/View.php @@ -1826,15 +1826,26 @@ class View { /** * @param string $path * @param string $fileName + * @param bool $readonly Check only if the path is allowed for read-only access * @throws InvalidPathException */ - public function verifyPath($path, $fileName): void { + public function verifyPath($path, $fileName, $readonly = false): void { // All of the view's functions disallow '..' in the path so we can short cut if the path is invalid if (!Filesystem::isValidPath($path ?: '/')) { $l = \OCP\Util::getL10N('lib'); throw new InvalidPathException($l->t('Path contains invalid segments')); } + // Short cut for read-only validation + if ($readonly) { + $validator = \OCP\Server::get(FilenameValidator::class); + if ($validator->isForbidden($fileName)) { + $l = \OCP\Util::getL10N('lib'); + throw new InvalidPathException($l->t('Filename is a reserved word')); + } + return; + } + try { /** @type \OCP\Files\Storage $storage */ [$storage, $internalPath] = $this->resolvePath($path);