From b180724cd083d82cb8468c637e1a30e8f0ec993d Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 2 Feb 2015 19:54:56 +0100 Subject: [PATCH] Extract the remote host from user input in share dropdown Fix #13678 --- lib/private/share/helper.php | 30 +++++++++++++++++++++ lib/private/share/share.php | 2 +- tests/lib/share/helper.php | 51 ++++++++++++++++++++++++++++++++++++ 3 files changed, 82 insertions(+), 1 deletion(-) diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php index 6059af0196d..55b71ceeeac 100644 --- a/lib/private/share/helper.php +++ b/lib/private/share/helper.php @@ -221,4 +221,34 @@ class Helper extends \OC\Share\Constants { return $expires; } + + /** + * Extracts the necessary remote name from a given link + * + * Strips away a potential file name, to allow + * - user + * - user@localhost + * - user@http://localhost + * - user@http://localhost/ + * - user@http://localhost/index.php + * - user@http://localhost/index.php/s/{shareToken} + * + * @param string $shareWith + * @return string + */ + public static function fixRemoteURLInShareWith($shareWith) { + if (strpos($shareWith, '@')) { + list($user, $remote) = explode('@', $shareWith, 2); + + $remote = str_replace('\\', '/', $remote); + if ($fileNamePosition = strpos($remote, '/index.php')) { + $remote = substr($remote, 0, $fileNamePosition); + } + $remote = rtrim($remote, '/'); + + $shareWith = $user . '@' . $remote; + } + + return rtrim($shareWith, '/'); + } } diff --git a/lib/private/share/share.php b/lib/private/share/share.php index bd21bdd4b3a..0a630806dc4 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php 
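Review bot: Both `strpos()` results in `fixRemoteURLInShareWith()` are used as truthy/falsy conditions, so a match at offset 0 is handled exactly like no match: an input that begins with `@` is returned without normalization, and a remote part that begins with `/index.php` keeps that path. If skipping offset 0 is deliberate, a comment such as `// offset 0 means an empty user or host, leave the value untouched` should say so; otherwise compare explicitly with `if (strpos($shareWith, '@') !== false) {` and define what an empty user or remote returns. The split is on the first `@`, so for a value like `http://test:foobar@localhost/index.php` everything before the URL's credentials separator is treated as the user; the docblock's list of accepted forms should mention this case, since the tests in this patch exercise it. The method is complete within the hunk; the enclosing class is not.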
@@ -724,7 +724,7 @@ class Share extends \OC\Share\Constants { $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS); - $shareWith = rtrim($shareWith, '/'); + $shareWith = Helper::fixRemoteURLInShareWith($shareWith); $shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName); $send = false; diff --git a/tests/lib/share/helper.php b/tests/lib/share/helper.php index 7a546410aea..0385263fd91 100644 --- a/tests/lib/share/helper.php +++ b/tests/lib/share/helper.php 
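Review bot: The value returned by `Helper::fixRemoteURLInShareWith()` goes straight into `self::put()` with no check that a remote part is left after normalization; with the helper as added in this patch, `user@/` comes back as `user@`. Nothing visible in the hunk rejects that, so unless validation happens elsewhere in this method (it starts and ends outside the hunk), a value with an empty host is passed on together with the freshly generated token. A guard after the call, for example `if (substr($shareWith, -1) === '@') { /* reject: no remote host */ }`, handled the same way this method reports other invalid input, would close that gap. A short comment on the call noting that the helper only normalizes the string and does not validate the host would also help the next reader.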
@@ -49,4 +49,55 @@ class Test_Share_Helper extends \Test\TestCase { $result = \OC\Share\Helper::calculateExpireDate($defaultExpireSettings, $creationTime, $userExpireDate); $this->assertSame($expected, $result); } + + public function fixRemoteURLInShareWithData() { + $userPrefix = ['test@', 'na/me@']; + $protocols = ['', 'http://', 'https://']; + $remotes = [ + 'localhost', + 'test:foobar@localhost', + 'local.host', + 'dev.local.host', + 'dev.local.host/path', + '127.0.0.1', + '::1', + '::192.0.2.128', + ]; + + $testCases = [ + ['test', 'test'], + ['na/me', 'na/me'], + ['na/me/', 'na/me'], + ['na/index.php', 'na/index.php'], + ['http://localhost', 'http://localhost'], + ['http://localhost/', 'http://localhost'], + ['http://localhost/index.php', 'http://localhost/index.php'], + ['http://localhost/index.php/s/token', 'http://localhost/index.php/s/token'], + ['http://test:foobar@localhost', 'http://test:foobar@localhost'], + ['http://test:foobar@localhost/', 'http://test:foobar@localhost'], + ['http://test:foobar@localhost/index.php', 'http://test:foobar@localhost'], + ['http://test:foobar@localhost/index.php/s/token', 'http://test:foobar@localhost'], + ]; + + foreach ($userPrefix as $user) { + foreach ($remotes as $remote) { + foreach ($protocols as $protocol) { + $baseUrl = $user . $protocol . $remote; + + $testCases[] = [$baseUrl, $baseUrl]; + $testCases[] = [$baseUrl . '/', $baseUrl]; + $testCases[] = [$baseUrl . '/index.php', $baseUrl]; + $testCases[] = [$baseUrl . '/index.php/s/token', $baseUrl]; + } + } + } + return $testCases; + } + + /** + * @dataProvider fixRemoteURLInShareWithData + */ + public function testFixRemoteURLInShareWith($remote, $expected) { + $this->assertSame($expected, \OC\Share\Helper::fixRemoteURLInShareWith($remote)); + } } -- 2.39.5
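Review bot: The data provider never feeds a backslash into the helper, so the `str_replace('\\', '/', $remote)` branch added in `lib/private/share/helper.php` is untested, and no case pins what happens when `@` or `/index.php` sits at offset 0. Adding cases such as `['test@localhost\\index.php', 'test@localhost'],` and `['@localhost', '@localhost'],` (expected values follow the helper as written in this patch) would cover both. The generated remotes also combine `http://` with unbracketed IPv6 literals like `::1`, which is not valid URL syntax; a comment saying these are string-normalization fixtures rather than reachable addresses would avoid confusion.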