Merge pull request #10622 from owncloud/recursive-delete-forbidden

Fix isDeletable

7 files changed, 46 insertions, 17 deletions

diff --git a/apps/files_external/lib/google.php b/apps/files_external/lib/google.php
index 88d82d51e2e..5d238a363de 100644
--- a/apps/files_external/lib/google.php
+++ b/apps/files_external/lib/google.php
@@ -204,6 +204,9 @@ class Google extends \OC\Files\Storage\Common {
 	}
 
 	public function rmdir($path) {
+		if (!$this->isDeletable($path)) {
+			return false;
+		}
 		if (trim($path, '/') === '') {
 			$dir = $this->opendir($path);
 			if(is_resource($dir)) {
diff --git a/apps/files_external/lib/streamwrapper.php b/apps/files_external/lib/streamwrapper.php
index 44bd9a0161a..b55bcf94af8 100644
--- a/apps/files_external/lib/streamwrapper.php
+++ b/apps/files_external/lib/streamwrapper.php
@@ -21,7 +21,7 @@ abstract class StreamWrapper extends Common {
 	}
 
 	public function rmdir($path) {
-		if ($this->file_exists($path)) {
+		if ($this->file_exists($path) && $this->isDeletable($path)) {
 			$dh = $this->opendir($path);
 			while (($file = readdir($dh)) !== false) {
 				if ($this->is_dir($path . '/' . $file)) {
diff --git a/apps/files_external/lib/swift.php b/apps/files_external/lib/swift.php
index 1c56d180e2f..6a1e12986fb 100644
--- a/apps/files_external/lib/swift.php
+++ b/apps/files_external/lib/swift.php
@@ -187,7 +187,7 @@ class Swift extends \OC\Files\Storage\Common {
 	public function rmdir($path) {
 		$path = $this->normalizePath($path);
 
-		if (!$this->is_dir($path)) {
+		if (!$this->is_dir($path) || !$this->isDeletable($path)) {
 			return false;
 		}
 
diff --git a/lib/private/files/mapper.php b/lib/private/files/mapper.php
index 94dda807c2b..5e78ef03dd0 100644
--- a/lib/private/files/mapper.php
+++ b/lib/private/files/mapper.php
@@ -66,8 +66,8 @@ class Mapper
 	 */
 	public function copy($path1, $path2)
 	{
-		$path1 = $this->stripLast($path1);
-		$path2 = $this->stripLast($path2);
+		$path1 = $this->resolveRelativePath($path1);
+		$path2 = $this->resolveRelativePath($path2);
 		$physicPath1 = $this->logicToPhysical($path1, true);
 		$physicPath2 = $this->logicToPhysical($path2, true);
 
@@ -113,18 +113,11 @@ class Mapper
 		return '';
 	}
 
-	private function stripLast($path) {
-		if (substr($path, -1) == '/') {
-			$path = substr_replace($path, '', -1);
-		}
-		return $path;
-	}
-
 	/**
 	 * @param string $logicPath
 	 */
 	private function resolveLogicPath($logicPath) {
-		$logicPath = $this->stripLast($logicPath);
+		$logicPath = $this->resolveRelativePath($logicPath);
 		$sql = 'SELECT * FROM `*PREFIX*file_map` WHERE `logic_path_hash` = ?';
 		$result = \OC_DB::executeAudited($sql, array(md5($logicPath)));
 		$result = $result->fetchRow();
@@ -136,7 +129,7 @@ class Mapper
 	}
 
 	private function resolvePhysicalPath($physicalPath) {
-		$physicalPath = $this->stripLast($physicalPath);
+		$physicalPath = $this->resolveRelativePath($physicalPath);
 		$sql = \OC_DB::prepare('SELECT * FROM `*PREFIX*file_map` WHERE `physic_path_hash` = ?');
 		$result = \OC_DB::executeAudited($sql, array(md5($physicalPath)));
 		$result = $result->fetchRow();
@@ -144,12 +137,35 @@ class Mapper
 		return $result['logic_path'];
 	}
 
+	private function resolveRelativePath($path) {
+		$explodedPath = explode('/', $path);
+		$pathArray = array();
+		foreach ($explodedPath as $pathElement) {
+			if (empty($pathElement) || ($pathElement == '.')) {
+				continue;
+			} elseif ($pathElement == '..') {
+				if (count($pathArray) == 0) {
+					return false;
+				}
+				array_pop($pathArray);
+			} else {
+				array_push($pathArray, $pathElement);
+			}
+		}
+		if (substr($path, 0, 1) == '/') {
+			$path = '/';
+		} else {
+			$path = '';
+		}
+		return $path.implode('/', $pathArray);
+	}
+
 	/**
 	 * @param string $logicPath
 	 * @param boolean $store
 	 */
 	private function create($logicPath, $store) {
-		$logicPath = $this->stripLast($logicPath);
+		$logicPath = $this->resolveRelativePath($logicPath);
 		$index = 0;
 
 		// create the slugified path
@@ -205,8 +221,8 @@ class Mapper
 			}
 		}
 
-		$sluggedPath = $this->unchangedPhysicalRoot . implode('/', $sluggedElements);
-		return $this->stripLast($sluggedPath);
+		$sluggedPath = $this->unchangedPhysicalRoot.implode('/', $sluggedElements);
+		return $this->resolveRelativePath($sluggedPath);
 	}
 
 	/**
diff --git a/lib/private/files/storage/common.php b/lib/private/files/storage/common.php
index 4799c865142..975f44df541 100644
--- a/lib/private/files/storage/common.php
+++ b/lib/private/files/storage/common.php
@@ -95,7 +95,11 @@ abstract class Common implements \OC\Files\Storage\Storage {
 	}
 
 	public function isDeletable($path) {
-		return $this->isUpdatable($path);
+		if ($path === '' || $path === '/') {
+			return false;
+		}
+		$parent = dirname($path);
+		return $this->isUpdatable($parent) && $this->isUpdatable($path);
 	}
 
 	public function isSharable($path) {
diff --git a/lib/private/files/storage/local.php b/lib/private/files/storage/local.php
index 9df6cdef2af..0a612ae505b 100644
--- a/lib/private/files/storage/local.php
+++ b/lib/private/files/storage/local.php
@@ -39,6 +39,9 @@ if (\OC_Util::runningOnWindows()) {
 		}
 
 		public function rmdir($path) {
+			if (!$this->isDeletable($path)) {
+				return false;
+			}
 			try {
 				$it = new \RecursiveIteratorIterator(
 					new \RecursiveDirectoryIterator($this->datadir . $path),
diff --git a/lib/private/files/storage/mappedlocal.php b/lib/private/files/storage/mappedlocal.php
index 0760d842eaf..0a21d2938b7 100644
--- a/lib/private/files/storage/mappedlocal.php
+++ b/lib/private/files/storage/mappedlocal.php
@@ -38,6 +38,9 @@ class MappedLocal extends \OC\Files\Storage\Common {
 	}
 
 	public function rmdir($path) {
+		if (!$this->isDeletable($path)) {
+			return false;
+		}
 		try {
 			$it = new \RecursiveIteratorIterator(
 				new \RecursiveDirectoryIterator($this->buildPath($path)),