diff options
| author | Julius Härtl <jus@bitgrid.net> | 2021-11-25 11:07:46 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-25 11:07:46 +0100 |
| commit | d9d54ce782d34656d2e53cb7588fcad80182a1fe (patch) | |
| tree | 883dead537a8c575acead842145e7d6ac4e17ec5 | |
| parent | d42a28cd7ced228545e0f7b77ee60db8ad26d9e1 (diff) | |
| parent | 599870980bd820fc9de9832007407de2a31c31df (diff) | |
| download | nextcloud-server-d9d54ce782d34656d2e53cb7588fcad80182a1fe.tar.gz nextcloud-server-d9d54ce782d34656d2e53cb7588fcad80182a1fe.zip | |
Merge pull request #29895 from nextcloud/bugfix/noid/check-for-invalid-characters-before-trimming
Check for invalid characters before trimming
| -rw-r--r-- | build/integration/features/bootstrap/WebDav.php | 28 | ||||
| -rw-r--r-- | build/integration/features/webdav-related.feature | 9 | ||||
| -rw-r--r-- | lib/private/Files/Storage/Common.php | 2 |
3 files changed, 32 insertions, 7 deletions
diff --git a/build/integration/features/bootstrap/WebDav.php b/build/integration/features/bootstrap/WebDav.php index 9f5e79a3ac6..aeae6ce3ba8 100644 --- a/build/integration/features/bootstrap/WebDav.php +++ b/build/integration/features/bootstrap/WebDav.php @@ -458,7 +458,10 @@ trait WebDav { try { $this->response = $this->makeDavRequest($user, "PUT", $destination, [], $file); } catch (\GuzzleHttp\Exception\ServerException $e) { - // 4xx and 5xx responses cause an exception + // 5xx responses cause a server exception + $this->response = $e->getResponse(); + } catch (\GuzzleHttp\Exception\ClientException $e) { + // 4xx responses cause a client exception $this->response = $e->getResponse(); } } @@ -487,7 +490,10 @@ trait WebDav { try { $this->response = $this->makeDavRequest($user, "PUT", $destination, [], $file); } catch (\GuzzleHttp\Exception\ServerException $e) { - // 4xx and 5xx responses cause an exception + // 5xx responses cause a server exception + $this->response = $e->getResponse(); + } catch (\GuzzleHttp\Exception\ClientException $e) { + // 4xx responses cause a client exception $this->response = $e->getResponse(); } } @@ -502,7 +508,10 @@ trait WebDav { try { $this->response = $this->makeDavRequest($user, 'DELETE', $file, []); } catch (\GuzzleHttp\Exception\ServerException $e) { - // 4xx and 5xx responses cause an exception + // 5xx responses cause a server exception + $this->response = $e->getResponse(); + } catch (\GuzzleHttp\Exception\ClientException $e) { + // 4xx responses cause a client exception $this->response = $e->getResponse(); } } @@ -517,7 +526,10 @@ trait WebDav { $destination = '/' . ltrim($destination, '/'); $this->response = $this->makeDavRequest($user, "MKCOL", $destination, []); } catch (\GuzzleHttp\Exception\ServerException $e) { - // 4xx and 5xx responses cause an exception + // 5xx responses cause a server exception + $this->response = $e->getResponse(); + } catch (\GuzzleHttp\Exception\ClientException $e) { + // 4xx responses cause a client exception $this->response = $e->getResponse(); } } @@ -639,8 +651,12 @@ trait WebDav { public function downloadingFileAs($fileName, $user) { try { $this->response = $this->makeDavRequest($user, 'GET', $fileName, []); - } catch (\GuzzleHttp\Exception\ServerException $ex) { - $this->response = $ex->getResponse(); + } catch (\GuzzleHttp\Exception\ServerException $e) { + // 5xx responses cause a server exception + $this->response = $e->getResponse(); + } catch (\GuzzleHttp\Exception\ClientException $e) { + // 4xx responses cause a client exception + $this->response = $e->getResponse(); } } diff --git a/build/integration/features/webdav-related.feature b/build/integration/features/webdav-related.feature index c98ecc56ec7..78ec6a93c50 100644 --- a/build/integration/features/webdav-related.feature +++ b/build/integration/features/webdav-related.feature @@ -619,3 +619,12 @@ Feature: webdav-related And Downloaded content should be "BBBBB" And Downloading file "/C.txt" And Downloaded content should be "CCCCC" + + Scenario: Creating a folder with invalid characters + Given using new dav path + And As an "admin" + And user "user0" exists + And user "user1" exists + And As an "user1" + And user "user1" created a folder "/testshare " + Then the HTTP status code should be "400" diff --git a/lib/private/Files/Storage/Common.php b/lib/private/Files/Storage/Common.php index 4c07426dd70..7239c58a8a1 100644 --- a/lib/private/Files/Storage/Common.php +++ b/lib/private/Files/Storage/Common.php @@ -554,8 +554,8 @@ abstract class Common implements Storage, ILockingStorage, IWriteStreamStorage { * @throws InvalidPathException */ protected function verifyPosixPath($fileName) { - $fileName = trim($fileName); $this->scanForInvalidCharacters($fileName, "\\/"); + $fileName = trim($fileName); $reservedNames = ['*']; if (in_array($fileName, $reservedNames)) { throw new ReservedWordException(); |