diff options
| author | Robin Appelman <icewind@owncloud.com> | 2012-11-03 00:21:10 +0100 |
|---|---|---|
| committer | Robin Appelman <icewind@owncloud.com> | 2012-11-03 00:26:36 +0100 |
| commit | 4c0c78d15deac7bc53c1bf0e967972ac7e9525f4 (patch) | |
| tree | 41c3e2b334e1f577e790a0d95348122e041f4ad1 | |
| parent | 503922ff6cd6d80c9c5cdd58925d76de00d2f311 (diff) | |
| download | nextcloud-server-4c0c78d15deac7bc53c1bf0e967972ac7e9525f4.tar.gz nextcloud-server-4c0c78d15deac7bc53c1bf0e967972ac7e9525f4.zip | |
check for filename blacklist in OC_Filesystem::isValidPath
| -rw-r--r-- | lib/filesystem.php | 15 | ||||
| -rw-r--r-- | tests/lib/filesystem.php | 1 |
2 files changed, 11 insertions, 5 deletions
diff --git a/lib/filesystem.php b/lib/filesystem.php index 79bce2c6d00..852290e62ac 100644 --- a/lib/filesystem.php +++ b/lib/filesystem.php @@ -403,6 +403,9 @@ class OC_Filesystem{ if(strstr($path, '/../') || strrchr($path, '/') === '/..' ) { return false; } + if(self::isFileBlacklisted($path)){ + return false; + } return true; } @@ -412,20 +415,22 @@ class OC_Filesystem{ * @param array $data from hook */ static public function isBlacklisted($data) { - $blacklist = array('.htaccess'); if (isset($data['path'])) { $path = $data['path']; } else if (isset($data['newpath'])) { $path = $data['newpath']; } if (isset($path)) { - $filename = strtolower(basename($path)); - if (in_array($filename, $blacklist)) { - $data['run'] = false; - } + $data['run'] = !self::isFileBlacklisted($path); } } + static public function isFileBlacklisted($path){ + $blacklist = array('.htaccess'); + $filename = strtolower(basename($path)); + return in_array($filename, $blacklist); + } + /** * following functions are equivilent to their php buildin equivilents for arguments/return values. */ diff --git a/tests/lib/filesystem.php b/tests/lib/filesystem.php index 07c25e1498a..0008336383e 100644 --- a/tests/lib/filesystem.php +++ b/tests/lib/filesystem.php @@ -101,6 +101,7 @@ class Test_Filesystem extends UnitTestCase { $rootView->mkdir('/' . $user); $rootView->mkdir('/' . $user . '/files'); + $this->assertFalse($rootView->file_put_contents('/.htaccess', 'foo')); $this->assertFalse(OC_Filesystem::file_put_contents('/.htaccess', 'foo')); $fh = fopen(__FILE__, 'r'); $this->assertFalse(OC_Filesystem::file_put_contents('/.htaccess', $fh)); |