author | Morris Jobke <hey@morrisjobke.de> | 2017-04-26 18:21:13 -0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-26 18:21:13 -0300 |
commit | 4a9cb81486c38cb4158a3d988363c391ba023760 (patch) | |
tree | 88239f9b9255c7dd0d155d01afe6440a32e8dc94 | |
parent | aad07945005cfb8b59287452453623e1b0d33dd1 (diff) | |
parent | 1c771c097a478ee461bfbc3447c84a4abea22c8c (diff) | |
download | nextcloud-server-4a9cb81486c38cb4158a3d988363c391ba023760.tar.gz nextcloud-server-4a9cb81486c38cb4158a3d988363c391ba023760.zip |
Merge pull request #4526 from nextcloud/downstream-27269
Don't allow upload of files with extension .part
-rw-r--r-- | lib/private/legacy/util.php | 6 | ||||
-rw-r--r-- | tests/lib/UtilTest.php | 74 |
2 files changed, 48 insertions, 32 deletions
diff --git a/lib/private/legacy/util.php b/lib/private/legacy/util.php
index 9516a67af48..d49599cb8a1 100644
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@@ -1388,6 +1388,12 @@ class OC_Util {
 if (\OC\Files\Filesystem::isIgnoredDir($trimmed)) {
 return false;
 }
+
+ // detect part files
+ if (preg_match('/' . \OCP\Files\FileInfo::BLACKLIST_FILES_REGEX . '/', $trimmed) !== 0) {
+ return false;
+ }
+
 foreach (str_split($trimmed) as $char) {
 if (strpos(\OCP\Constants::FILENAME_INVALID_CHARS, $char) !== false) {
 return false;
diff --git a/tests/lib/UtilTest.php b/tests/lib/UtilTest.php
index 278e6cfd4ce..39a29742e4f 100644
--- a/tests/lib/UtilTest.php
+++ b/tests/lib/UtilTest.php
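Review bot: The added `preg_match('/' . \OCP\Files\FileInfo::BLACKLIST_FILES_REGEX . '/', $trimmed)` is built without the `i` modifier, so unless the constant (defined outside this page) handles case itself, a name such as `upload.PART` would presumably still be accepted; if that is not intended, closing the pattern with `'/i'` covers it, and either way the decision deserves a row in the data provider. The `!== 0` comparison also means a `false` return from `preg_match()` (a pattern error) rejects the name, which is the safe direction but easy to undo by accident, so I would record it with `// preg_match() returns false on error; !== 0 keeps that case rejected (fail closed)`. Because the constant is spliced unquoted between `/` delimiters, it must never contain a `/`. The enclosing method starts and ends outside the hunk.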
@@ -204,41 +204,51 @@ class UtilTest extends \Test\TestCase { } public function filenameValidationProvider() { - return array( + return [ // valid names - array('boringname', true), - array('something.with.extension', true), - array('now with spaces', true), - array('.a', true), - array('..a', true), - array('.dotfile', true), - array('single\'quote', true), - array(' spaces before', true), - array('spaces after ', true), - array('allowed chars including the crazy ones $%&_-^@!,()[]{}=;#', true), - array('汉字也能用', true), - array('und Ümläüte sind auch willkommen', true), + ['boringname', true], + ['something.with.extension', true], + ['now with spaces', true], + ['.a', true], + ['..a', true], + ['.dotfile', true], + ['single\'quote', true], + [' spaces before', true], + ['spaces after ', true], + ['allowed chars including the crazy ones $%&_-^@!,()[]{}=;#', true], + ['汉字也能用', true], + ['und Ümläüte sind auch willkommen', true], // disallowed names - array('', false), - array(' ', false), - array('.', false), - array('..', false), - array('back\\slash', false), - array('sl/ash', false), - array('lt<lt', true), - array('gt>gt', true), - array('col:on', true), - array('double"quote', true), - array('pi|pe', true), - array('dont?ask?questions?', true), - array('super*star', true), - array('new\nline', false), + ['', false], + [' ', false], + ['.', false], + ['..', false], + ['back\\slash', false], + ['sl/ash', false], + ['lt<lt', true], + ['gt>gt', true], + ['col:on', true], + ['double"quote', true], + ['pi|pe', true], + ['dont?ask?questions?', true], + ['super*star', true], + ['new\nline', false], + // better disallow these to avoid unexpected trimming to have side effects - array(' ..', false), - array('.. ', false), - array('. ', false), - array(' .', false), - ); + [' ..', false], + ['.. ', false], + ['. 
', false], + [' .', false], + + // part files not allowed + ['.part', false], + ['notallowed.part', false], + ['neither.filepart', false], + + // part in the middle is ok + ['super movie part one.mkv', true], + ['super.movie.part.mkv', true], + ]; } /** |
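Review bot: The rows from `['lt<lt', true]` to `['super*star', true]` still sit under `// disallowed names` although they assert that the name is accepted; moving them below a heading such as `// special characters that are accepted` would stop the provider from documenting the opposite of what it tests. The new part-file rows cover the suffix and the middle-of-name cases but not the edges of the rule. I would add `['part', true]` for a name without the dot, and one mixed-case row for `'notallowed.PART'` with whichever expectation the project intends, so the case handling of the new check in util.php is pinned by a test.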