mirror of
https://github.com/nextcloud/server.git
synced 2024-08-30 05:55:15 +02:00
adding storage specific filename verification - refs #13640
This commit is contained in:
parent
348fe105b1
commit
4bac595068
@ -10,7 +10,7 @@ global $eventSource;
|
||||
|
||||
// Get the params
|
||||
$dir = isset( $_REQUEST['dir'] ) ? '/'.trim((string)$_REQUEST['dir'], '/\\') : '';
|
||||
$filename = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
|
||||
$fileName = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
|
||||
|
||||
$l10n = \OC::$server->getL10N('files');
|
||||
|
||||
@ -18,23 +18,14 @@ $result = array(
|
||||
'success' => false,
|
||||
'data' => NULL
|
||||
);
|
||||
$trimmedFileName = trim($filename);
|
||||
|
||||
if($trimmedFileName === '') {
|
||||
$result['data'] = array('message' => (string)$l10n->t('File name cannot be empty.'));
|
||||
try {
|
||||
\OC\Files\Filesystem::getView()->verifyPath($dir, $fileName);
|
||||
} catch (\OCP\Files\InvalidPathException $ex) {
|
||||
$result['data'] = [
|
||||
'message' => $ex->getMessage()];
|
||||
OCP\JSON::error($result);
|
||||
exit();
|
||||
}
|
||||
if($trimmedFileName === '.' || $trimmedFileName === '..') {
|
||||
$result['data'] = array('message' => (string)$l10n->t('"%s" is an invalid file name.', $trimmedFileName));
|
||||
OCP\JSON::error($result);
|
||||
exit();
|
||||
}
|
||||
|
||||
if(!OCP\Util::isValidFileName($filename)) {
|
||||
$result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
|
||||
OCP\JSON::error($result);
|
||||
exit();
|
||||
return;
|
||||
}
|
||||
|
||||
if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
|
||||
@ -46,12 +37,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
|
||||
exit();
|
||||
}
|
||||
|
||||
$target = $dir.'/'.$filename;
|
||||
$target = $dir.'/'.$fileName;
|
||||
|
||||
if (\OC\Files\Filesystem::file_exists($target)) {
|
||||
$result['data'] = array('message' => (string)$l10n->t(
|
||||
'The name %s is already used in the folder %s. Please choose a different name.',
|
||||
array($filename, $dir))
|
||||
array($fileName, $dir))
|
||||
);
|
||||
OCP\JSON::error($result);
|
||||
exit();
|
||||
|
@ -9,7 +9,7 @@ OCP\JSON::callCheck();
|
||||
|
||||
// Get the params
|
||||
$dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
|
||||
$foldername = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
|
||||
$folderName = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
|
||||
|
||||
$l10n = \OC::$server->getL10N('files');
|
||||
|
||||
@ -18,16 +18,13 @@ $result = array(
|
||||
'data' => NULL
|
||||
);
|
||||
|
||||
if(trim($foldername) === '') {
|
||||
$result['data'] = array('message' => $l10n->t('Folder name cannot be empty.'));
|
||||
try {
|
||||
\OC\Files\Filesystem::getView()->verifyPath($dir, $folderName);
|
||||
} catch (\OCP\Files\InvalidPathException $ex) {
|
||||
$result['data'] = [
|
||||
'message' => $ex->getMessage()];
|
||||
OCP\JSON::error($result);
|
||||
exit();
|
||||
}
|
||||
|
||||
if(!OCP\Util::isValidFileName($foldername)) {
|
||||
$result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
|
||||
OCP\JSON::error($result);
|
||||
exit();
|
||||
return;
|
||||
}
|
||||
|
||||
if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
|
||||
@ -39,12 +36,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) {
|
||||
exit();
|
||||
}
|
||||
|
||||
$target = $dir . '/' . $foldername;
|
||||
$target = $dir . '/' . $folderName;
|
||||
|
||||
if (\OC\Files\Filesystem::file_exists($target)) {
|
||||
$result['data'] = array('message' => $l10n->t(
|
||||
'The name %s is already used in the folder %s. Please choose a different name.',
|
||||
array($foldername, $dir))
|
||||
array($folderName, $dir))
|
||||
);
|
||||
OCP\JSON::error($result);
|
||||
exit();
|
||||
@ -52,9 +49,9 @@ if (\OC\Files\Filesystem::file_exists($target)) {
|
||||
|
||||
if(\OC\Files\Filesystem::mkdir($target)) {
|
||||
if ( $dir !== '/') {
|
||||
$path = $dir.'/'.$foldername;
|
||||
$path = $dir.'/'.$folderName;
|
||||
} else {
|
||||
$path = '/'.$foldername;
|
||||
$path = '/'.$folderName;
|
||||
}
|
||||
$meta = \OC\Files\Filesystem::getFileInfo($path);
|
||||
$meta['type'] = 'dir'; // missing ?!
|
||||
|
@ -103,13 +103,13 @@
|
||||
throw t('files', 'File name cannot be empty.');
|
||||
}
|
||||
// check for invalid characters
|
||||
var invalidCharacters =
|
||||
['\\', '/', '<', '>', ':', '"', '|', '?', '*', '\n'];
|
||||
for (var i = 0; i < invalidCharacters.length; i++) {
|
||||
if (trimmedName.indexOf(invalidCharacters[i]) !== -1) {
|
||||
throw t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.");
|
||||
}
|
||||
}
|
||||
//var invalidCharacters =
|
||||
// ['\\', '/', '<', '>', ':', '"', '|', '?', '*', '\n'];
|
||||
//for (var i = 0; i < invalidCharacters.length; i++) {
|
||||
// if (trimmedName.indexOf(invalidCharacters[i]) !== -1) {
|
||||
// throw t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.");
|
||||
// }
|
||||
//}
|
||||
return true;
|
||||
},
|
||||
displayStorageWarnings: function() {
|
||||
|
57
lib/private/connector/sabre/exception/invalidpath.php
Normal file
57
lib/private/connector/sabre/exception/invalidpath.php
Normal file
@ -0,0 +1,57 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file. */
|
||||
|
||||
class OC_Connector_Sabre_Exception_InvalidPath extends \Sabre\DAV\Exception {
|
||||
|
||||
/**
|
||||
* @var bool
|
||||
*/
|
||||
private $retry;
|
||||
|
||||
/**
|
||||
* @param string $message
|
||||
* @param bool $retry
|
||||
*/
|
||||
public function __construct($message, $retry = false) {
|
||||
parent::__construct($message);
|
||||
$this->retry = $retry;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the HTTP status code for this exception
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
public function getHTTPCode() {
|
||||
|
||||
return 400;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* This method allows the exception to include additional information into the WebDAV error response
|
||||
*
|
||||
* @param \Sabre\DAV\Server $server
|
||||
* @param \DOMElement $errorNode
|
||||
* @return void
|
||||
*/
|
||||
public function serialize(\Sabre\DAV\Server $server,\DOMElement $errorNode) {
|
||||
|
||||
// set owncloud namespace
|
||||
$errorNode->setAttribute('xmlns:o', OC_Connector_Sabre_FilesPlugin::NS_OWNCLOUD);
|
||||
|
||||
// adding the retry node
|
||||
$error = $errorNode->ownerDocument->createElementNS('o:','o:retry', var_export($this->retry, true));
|
||||
$errorNode->appendChild($error);
|
||||
|
||||
// adding the message node
|
||||
$error = $errorNode->ownerDocument->createElementNS('o:','o:reason', $this->getMessage());
|
||||
$errorNode->appendChild($error);
|
||||
}
|
||||
|
||||
}
|
@ -66,17 +66,15 @@ class File extends \OC\Connector\Sabre\Node implements \Sabre\DAV\IFile {
|
||||
throw new \Sabre\DAV\Exception\ServiceUnavailable("Encryption is disabled");
|
||||
}
|
||||
|
||||
$fileName = basename($this->info->getPath());
|
||||
if (!\OCP\Util::isValidFileName($fileName)) {
|
||||
throw new \Sabre\DAV\Exception\BadRequest();
|
||||
}
|
||||
// verify path of the target
|
||||
$this->verifyPath();
|
||||
|
||||
// chunked handling
|
||||
if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
|
||||
return $this->createFileChunked($data);
|
||||
}
|
||||
|
||||
list($storage,) = $this->fileView->resolvePath($this->path);
|
||||
list($storage) = $this->fileView->resolvePath($this->path);
|
||||
$needsPartFile = $this->needsPartFile($storage) && (strlen($this->path) > 1);
|
||||
|
||||
if ($needsPartFile) {
|
||||
@ -329,5 +327,5 @@ class File extends \OC\Connector\Sabre\Node implements \Sabre\DAV\IFile {
|
||||
// and/or add method on Storage called "needsPartFile()"
|
||||
return !$storage->instanceOfStorage('OCA\Files_Sharing\External\Storage') &&
|
||||
!$storage->instanceOfStorage('OC\Files\Storage\OwnCloud');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -103,9 +103,8 @@ abstract class Node implements \Sabre\DAV\INode {
|
||||
list($parentPath,) = \Sabre\HTTP\URLUtil::splitPath($this->path);
|
||||
list(, $newName) = \Sabre\HTTP\URLUtil::splitPath($name);
|
||||
|
||||
if (!\OCP\Util::isValidFileName($newName)) {
|
||||
throw new \Sabre\DAV\Exception\BadRequest();
|
||||
}
|
||||
// verify path of the target
|
||||
$this->verifyPath();
|
||||
|
||||
$newPath = $parentPath . '/' . $newName;
|
||||
|
||||
@ -230,4 +229,13 @@ abstract class Node implements \Sabre\DAV\INode {
|
||||
}
|
||||
return $p;
|
||||
}
|
||||
|
||||
protected function verifyPath() {
|
||||
try {
|
||||
$fileName = basename($this->info->getPath());
|
||||
$this->fileView->verifyPath($this->path, $fileName);
|
||||
} catch (\OCP\Files\InvalidPathException $ex) {
|
||||
throw new OC_Connector_Sabre_Exception_InvalidPath($ex->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -11,6 +11,7 @@ namespace OC\Connector\Sabre;
|
||||
use OC\Files\FileInfo;
|
||||
use OC\Files\Filesystem;
|
||||
use OC\Files\Mount\MoveableMount;
|
||||
use OC_Connector_Sabre_Exception_InvalidPath;
|
||||
use OCP\Files\StorageInvalidException;
|
||||
use OCP\Files\StorageNotAvailableException;
|
||||
|
||||
@ -185,8 +186,10 @@ class ObjectTree extends \Sabre\DAV\Tree {
|
||||
}
|
||||
|
||||
$fileName = basename($destinationPath);
|
||||
if (!\OCP\Util::isValidFileName($fileName)) {
|
||||
throw new \Sabre\DAV\Exception\BadRequest();
|
||||
try {
|
||||
$this->fileView->verifyPath($destinationDir, $fileName);
|
||||
} catch (\OCP\Files\InvalidPathException $ex) {
|
||||
throw new OC_Connector_Sabre_Exception_InvalidPath($ex->getMessage());
|
||||
}
|
||||
|
||||
$renameOkay = $this->fileView->rename($sourcePath, $destinationPath);
|
||||
|
@ -8,8 +8,12 @@
|
||||
|
||||
namespace OC\Files\Storage;
|
||||
|
||||
use OC\Files\Cache\Cache;
|
||||
use OC\Files\Cache\Scanner;
|
||||
use OC\Files\Cache\Storage;
|
||||
use OC\Files\Filesystem;
|
||||
use OC\Files\Cache\Watcher;
|
||||
use OCP\Files\InvalidPathException;
|
||||
|
||||
/**
|
||||
* Storage backend class for providing common filesystem operation methods
|
||||
@ -25,7 +29,6 @@ use OC\Files\Cache\Watcher;
|
||||
abstract class Common implements \OC\Files\Storage\Storage {
|
||||
protected $cache;
|
||||
protected $scanner;
|
||||
protected $permissioncache;
|
||||
protected $watcher;
|
||||
protected $storageCache;
|
||||
|
||||
@ -303,7 +306,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
|
||||
$storage = $this;
|
||||
}
|
||||
if (!isset($this->cache)) {
|
||||
$this->cache = new \OC\Files\Cache\Cache($storage);
|
||||
$this->cache = new Cache($storage);
|
||||
}
|
||||
return $this->cache;
|
||||
}
|
||||
@ -313,7 +316,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
|
||||
$storage = $this;
|
||||
}
|
||||
if (!isset($this->scanner)) {
|
||||
$this->scanner = new \OC\Files\Cache\Scanner($storage);
|
||||
$this->scanner = new Scanner($storage);
|
||||
}
|
||||
return $this->scanner;
|
||||
}
|
||||
@ -323,7 +326,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
|
||||
$storage = $this;
|
||||
}
|
||||
if (!isset($this->watcher)) {
|
||||
$this->watcher = new \OC\Files\Cache\Watcher($storage);
|
||||
$this->watcher = new Watcher($storage);
|
||||
$this->watcher->setPolicy(\OC::$server->getConfig()->getSystemValue('filesystem_check_changes', Watcher::CHECK_ONCE));
|
||||
}
|
||||
return $this->watcher;
|
||||
@ -334,7 +337,7 @@ abstract class Common implements \OC\Files\Storage\Storage {
|
||||
$storage = $this;
|
||||
}
|
||||
if (!isset($this->storageCache)) {
|
||||
$this->storageCache = new \OC\Files\Cache\Storage($storage);
|
||||
$this->storageCache = new Storage($storage);
|
||||
}
|
||||
return $this->storageCache;
|
||||
}
|
||||
@ -451,4 +454,58 @@ abstract class Common implements \OC\Files\Storage\Storage {
|
||||
return [];
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
public function verifyPath($path, $fileName) {
|
||||
// NOTE: $path will remain unverified for now
|
||||
if (\OC_Util::runningOnWindows()) {
|
||||
$this->verifyWindowsPath($fileName);
|
||||
} else {
|
||||
$this->verifyPosixPath($fileName);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx
|
||||
* @param string $fileName
|
||||
* @throws InvalidPathException
|
||||
*/
|
||||
private function verifyWindowsPath($fileName) {
|
||||
$fileName = trim($fileName);
|
||||
$this->scanForInvalidCharacters($fileName, "\\/<>:\"|?*");
|
||||
$reservedNames = ['CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9'];
|
||||
if (in_array(strtoupper($fileName), $reservedNames)) {
|
||||
throw new InvalidPathException("File name is a reserved word");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $fileName
|
||||
* @throws InvalidPathException
|
||||
*/
|
||||
private function verifyPosixPath($fileName) {
|
||||
$fileName = trim($fileName);
|
||||
$this->scanForInvalidCharacters($fileName, "\\/");
|
||||
$reservedNames = ['*'];
|
||||
if (in_array($fileName, $reservedNames)) {
|
||||
throw new InvalidPathException("File name is a reserved word");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $fileName
|
||||
* @throws InvalidPathException
|
||||
*/
|
||||
private function scanForInvalidCharacters($fileName, $invalidChars) {
|
||||
foreach (str_split($fileName) as $char) {
|
||||
if (strpos($invalidChars, $char) !== false) {
|
||||
throw new InvalidPathException('File name contains at least one invalid characters');
|
||||
}
|
||||
if (ord($char) >= 0 && ord($char) <= 31) {
|
||||
throw new InvalidPathException('File name contains at least one invalid characters');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -8,6 +8,8 @@
|
||||
|
||||
namespace OC\Files\Storage\Wrapper;
|
||||
|
||||
use OCP\Files\InvalidPathException;
|
||||
|
||||
class Wrapper implements \OC\Files\Storage\Storage {
|
||||
/**
|
||||
* @var \OC\Files\Storage\Storage $storage
|
||||
@ -477,4 +479,14 @@ class Wrapper implements \OC\Files\Storage\Storage {
|
||||
public function getDirectDownload($path) {
|
||||
return $this->storage->getDirectDownload($path);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $path the path of the target folder
|
||||
* @param string $fileName the name of the file itself
|
||||
* @return void
|
||||
* @throws InvalidPathException
|
||||
*/
|
||||
public function verifyPath($path, $fileName) {
|
||||
$this->storage->verifyPath($path, $fileName);
|
||||
}
|
||||
}
|
||||
|
@ -11,6 +11,7 @@ namespace OC\Files;
|
||||
|
||||
use OC\Files\Cache\Updater;
|
||||
use OC\Files\Mount\MoveableMount;
|
||||
use OCP\Files\InvalidPathException;
|
||||
|
||||
/**
|
||||
* Class to provide access to ownCloud filesystem via a "view", and methods for
|
||||
@ -29,11 +30,10 @@ use OC\Files\Mount\MoveableMount;
|
||||
* \OC\Files\Storage\Storage object
|
||||
*/
|
||||
class View {
|
||||
/** @var string */
|
||||
private $fakeRoot = '';
|
||||
|
||||
/**
|
||||
* @var \OC\Files\Cache\Updater
|
||||
*/
|
||||
/** @var \OC\Files\Cache\Updater */
|
||||
protected $updater;
|
||||
|
||||
/**
|
||||
@ -116,7 +116,7 @@ class View {
|
||||
* get the mountpoint of the storage object for a path
|
||||
* ( note: because a storage is not always mounted inside the fakeroot, the
|
||||
* returned mountpoint is relative to the absolute root of the filesystem
|
||||
* and doesn't take the chroot into account )
|
||||
* and does not take the chroot into account )
|
||||
*
|
||||
* @param string $path
|
||||
* @return string
|
||||
@ -129,7 +129,7 @@ class View {
|
||||
* get the mountpoint of the storage object for a path
|
||||
* ( note: because a storage is not always mounted inside the fakeroot, the
|
||||
* returned mountpoint is relative to the absolute root of the filesystem
|
||||
* and doesn't take the chroot into account )
|
||||
* and does not take the chroot into account )
|
||||
*
|
||||
* @param string $path
|
||||
* @return \OCP\Files\Mount\IMountPoint
|
||||
@ -1532,7 +1532,32 @@ class View {
|
||||
/**
|
||||
* @return Updater
|
||||
*/
|
||||
public function getUpdater(){
|
||||
public function getUpdater() {
|
||||
return $this->updater;
|
||||
}
|
||||
|
||||
public function verifyPath($path, $fileName) {
|
||||
|
||||
// verify empty and dot files
|
||||
$trimmed = trim($fileName);
|
||||
if ($trimmed === '') {
|
||||
throw new InvalidPathException('Empty filename is not allowed');
|
||||
}
|
||||
if ($trimmed === '.' || $trimmed === '..') {
|
||||
throw new InvalidPathException('Dot files are not allowed');
|
||||
}
|
||||
|
||||
// verify database - e.g. mysql only 3-byte chars
|
||||
if (preg_match('%^(?:
|
||||
\xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3
|
||||
| [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15
|
||||
| \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16
|
||||
)*$%xs', $fileName)) {
|
||||
throw new InvalidPathException('4-byte characters are not supported in file names');
|
||||
}
|
||||
|
||||
/** @type \OCP\Files\Storage $storage */
|
||||
list($storage, $internalPath) = $this->resolvePath($path);
|
||||
$storage->verifyPath($internalPath, $fileName);
|
||||
}
|
||||
}
|
||||
|
@ -28,6 +28,7 @@
|
||||
// use OCP namespace for all classes that are considered public.
|
||||
// This means that they should be used by apps instead of the internal ownCloud classes
|
||||
namespace OCP\Files;
|
||||
use OCP\Files\InvalidPathException;
|
||||
|
||||
/**
|
||||
* Provide a common interface to all different storage options
|
||||
@ -345,4 +346,12 @@ interface Storage {
|
||||
* @return array|false
|
||||
*/
|
||||
public function getDirectDownload($path);
|
||||
|
||||
/**
|
||||
* @param string $path the path of the target folder
|
||||
* @param string $fileName the name of the file itself
|
||||
* @return void
|
||||
* @throws InvalidPathException
|
||||
*/
|
||||
public function verifyPath($path, $fileName);
|
||||
}
|
||||
|
41
tests/lib/connector/sabre/exception/invalidpathtest.php
Normal file
41
tests/lib/connector/sabre/exception/invalidpathtest.php
Normal file
@ -0,0 +1,41 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
class Test_OC_Connector_Sabre_Exception_InvalidPath extends \Test\TestCase {
|
||||
|
||||
public function testSerialization() {
|
||||
|
||||
// create xml doc
|
||||
$DOM = new \DOMDocument('1.0','utf-8');
|
||||
$DOM->formatOutput = true;
|
||||
$error = $DOM->createElementNS('DAV:','d:error');
|
||||
$error->setAttribute('xmlns:s', Sabre\DAV\Server::NS_SABREDAV);
|
||||
$DOM->appendChild($error);
|
||||
|
||||
// serialize the exception
|
||||
$message = "1234567890";
|
||||
$retry = false;
|
||||
$expectedXml = <<<EOD
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:o="http://owncloud.org/ns">
|
||||
<o:retry xmlns:o="o:">false</o:retry>
|
||||
<o:reason xmlns:o="o:">1234567890</o:reason>
|
||||
</d:error>
|
||||
|
||||
EOD;
|
||||
|
||||
|
||||
$ex = new OC_Connector_Sabre_Exception_InvalidPath($message, $retry);
|
||||
$server = $this->getMock('Sabre\DAV\Server');
|
||||
$ex->serialize($server, $error);
|
||||
|
||||
// assert
|
||||
$xml = $DOM->saveXML();
|
||||
$this->assertEquals($expectedXml, $xml);
|
||||
}
|
||||
}
|
226
tests/lib/files/pathverificationtest.php
Normal file
226
tests/lib/files/pathverificationtest.php
Normal file
@ -0,0 +1,226 @@
|
||||
<?php
|
||||
/**
|
||||
* Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file. */
|
||||
|
||||
namespace Test\Files;
|
||||
|
||||
use OC\Files\Storage\Local;
|
||||
use OC\Files\View;
|
||||
|
||||
class PathVerification extends \Test\TestCase {
|
||||
|
||||
/**
|
||||
* @var \OC\Files\View
|
||||
*/
|
||||
private $view;
|
||||
|
||||
protected function setUp() {
|
||||
parent::setUp();
|
||||
$this->view = new View();
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider providesEmptyFiles
|
||||
* @expectedException \OCP\Files\InvalidPathException
|
||||
* @expectedExceptionMessage Empty filename is not allowed
|
||||
*/
|
||||
public function testPathVerificationEmptyFileName($fileName) {
|
||||
$this->view->verifyPath('', $fileName);
|
||||
}
|
||||
|
||||
public function providesEmptyFiles() {
|
||||
return [
|
||||
[''],
|
||||
[' '],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider providesDotFiles
|
||||
* @expectedException \OCP\Files\InvalidPathException
|
||||
* @expectedExceptionMessage Dot files are not allowed
|
||||
*/
|
||||
public function testPathVerificationDotFiles($fileName) {
|
||||
$this->view->verifyPath('', $fileName);
|
||||
}
|
||||
|
||||
public function providesDotFiles() {
|
||||
return [
|
||||
['.'],
|
||||
['..'],
|
||||
[' .'],
|
||||
[' ..'],
|
||||
['. '],
|
||||
['.. '],
|
||||
[' . '],
|
||||
[' .. '],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider providesAstralPlane
|
||||
* @expectedException \OCP\Files\InvalidPathException
|
||||
* @expectedExceptionMessage 4-byte characters are not supported in file names
|
||||
*/
|
||||
public function testPathVerificationAstralPlane($fileName) {
|
||||
$this->view->verifyPath('', $fileName);
|
||||
}
|
||||
|
||||
public function providesAstralPlane() {
|
||||
return [
|
||||
// this is the monkey emoji - http://en.wikipedia.org/w/index.php?title=%F0%9F%90%B5&redirect=no
|
||||
['🐵'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider providesInvalidCharsWindows
|
||||
* @expectedException \OCP\Files\InvalidPathException
|
||||
* @expectedExceptionMessage File name contains at least one invalid characters
|
||||
*/
|
||||
public function testPathVerificationInvalidCharsWindows($fileName) {
|
||||
$storage = new Local(['datadir' => '']);
|
||||
|
||||
$fileName = " 123{$fileName}456 ";
|
||||
\Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]);
|
||||
}
|
||||
|
||||
public function providesInvalidCharsWindows() {
|
||||
return [
|
||||
[\chr(0)],
|
||||
[\chr(1)],
|
||||
[\chr(2)],
|
||||
[\chr(3)],
|
||||
[\chr(4)],
|
||||
[\chr(5)],
|
||||
[\chr(6)],
|
||||
[\chr(7)],
|
||||
[\chr(8)],
|
||||
[\chr(9)],
|
||||
[\chr(10)],
|
||||
[\chr(11)],
|
||||
[\chr(12)],
|
||||
[\chr(13)],
|
||||
[\chr(14)],
|
||||
[\chr(15)],
|
||||
[\chr(16)],
|
||||
[\chr(17)],
|
||||
[\chr(18)],
|
||||
[\chr(19)],
|
||||
[\chr(20)],
|
||||
[\chr(21)],
|
||||
[\chr(22)],
|
||||
[\chr(23)],
|
||||
[\chr(24)],
|
||||
[\chr(25)],
|
||||
[\chr(26)],
|
||||
[\chr(27)],
|
||||
[\chr(28)],
|
||||
[\chr(29)],
|
||||
[\chr(30)],
|
||||
[\chr(31)],
|
||||
['<'],
|
||||
['>'],
|
||||
[':'],
|
||||
['"'],
|
||||
['/'],
|
||||
['\\'],
|
||||
['|'],
|
||||
['?'],
|
||||
['*'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider providesInvalidCharsPosix
|
||||
* @expectedException \OCP\Files\InvalidPathException
|
||||
* @expectedExceptionMessage File name contains at least one invalid characters
|
||||
*/
|
||||
public function testPathVerificationInvalidCharsPosix($fileName) {
|
||||
$storage = new Local(['datadir' => '']);
|
||||
|
||||
$fileName = " 123{$fileName}456 ";
|
||||
\Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]);
|
||||
}
|
||||
|
||||
public function providesInvalidCharsPosix() {
|
||||
return [
|
||||
[\chr(0)],
|
||||
[\chr(1)],
|
||||
[\chr(2)],
|
||||
[\chr(3)],
|
||||
[\chr(4)],
|
||||
[\chr(5)],
|
||||
[\chr(6)],
|
||||
[\chr(7)],
|
||||
[\chr(8)],
|
||||
[\chr(9)],
|
||||
[\chr(10)],
|
||||
[\chr(11)],
|
||||
[\chr(12)],
|
||||
[\chr(13)],
|
||||
[\chr(14)],
|
||||
[\chr(15)],
|
||||
[\chr(16)],
|
||||
[\chr(17)],
|
||||
[\chr(18)],
|
||||
[\chr(19)],
|
||||
[\chr(20)],
|
||||
[\chr(21)],
|
||||
[\chr(22)],
|
||||
[\chr(23)],
|
||||
[\chr(24)],
|
||||
[\chr(25)],
|
||||
[\chr(26)],
|
||||
[\chr(27)],
|
||||
[\chr(28)],
|
||||
[\chr(29)],
|
||||
[\chr(30)],
|
||||
[\chr(31)],
|
||||
['/'],
|
||||
['\\'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider providesReservedNamesWindows
|
||||
* @expectedException \OCP\Files\InvalidPathException
|
||||
* @expectedExceptionMessage File name is a reserved word
|
||||
*/
|
||||
public function testPathVerificationReservedNamesWindows($fileName) {
|
||||
$storage = new Local(['datadir' => '']);
|
||||
|
||||
\Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]);
|
||||
}
|
||||
|
||||
public function providesReservedNamesWindows() {
|
||||
return [
|
||||
[' CON '],
|
||||
['prn '],
|
||||
['AUX'],
|
||||
['NUL'],
|
||||
['COM1'],
|
||||
['COM2'],
|
||||
['COM3'],
|
||||
['COM4'],
|
||||
['COM5'],
|
||||
['COM6'],
|
||||
['COM7'],
|
||||
['COM8'],
|
||||
['COM9'],
|
||||
['LPT1'],
|
||||
['LPT2'],
|
||||
['LPT3'],
|
||||
['LPT4'],
|
||||
['LPT5'],
|
||||
['LPT6'],
|
||||
['LPT7'],
|
||||
['LPT8'],
|
||||
['LPT9']
|
||||
];
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user