Merge pull request #13224 from owncloud/simplify-is-valid-path-and-add-unit-tests

Simplify isValidPath and add unit tests

2 files changed, 34 insertions, 1 deletions

diff --git a/lib/private/files/filesystem.php b/lib/private/files/filesystem.php
index bc43eb5d1ce..100b364ca06 100644
--- a/lib/private/files/filesystem.php
+++ b/lib/private/files/filesystem.php
@@ -504,7 +504,7 @@ class Filesystem {
 		if (!$path || $path[0] !== '/') {
 			$path = '/' . $path;
 		}
-		if (strstr($path, '/../') || strrchr($path, '/') === '/..') {
+		if (strpos($path, '/../') !== FALSE || strrchr($path, '/') === '/..') {
 			return false;
 		}
 		return true;
diff --git a/tests/lib/files/filesystem.php b/tests/lib/files/filesystem.php
index 1b84db0fc0d..888690adb0e 100644
--- a/tests/lib/files/filesystem.php
+++ b/tests/lib/files/filesystem.php
@@ -154,6 +154,39 @@ class Filesystem extends \Test\TestCase {
 		$this->assertEquals($expected, \OC\Files\Filesystem::normalizePath($path, $stripTrailingSlash));
 	}
 
+	public function isValidPathData() {
+		return array(
+			array('/', true),
+			array('/path', true),
+			array('/foo/bar', true),
+			array('/foo//bar/', true),
+			array('/foo////bar', true),
+			array('/foo//\///bar', true),
+			array('/foo/bar/.', true),
+			array('/foo/bar/./', true),
+			array('/foo/bar/./.', true),
+			array('/foo/bar/././', true),
+			array('/foo/bar/././..bar', true),
+			array('/foo/bar/././..bar/a', true),
+			array('/foo/bar/././..', false),
+			array('/foo/bar/././../', false),
+			array('/foo/bar/.././', false),
+			array('/foo/bar/../../', false),
+			array('/foo/bar/../..\\', false),
+			array('..', false),
+			array('../', false),
+			array('../foo/bar', false),
+			array('..\foo/bar', false),
+		);
+	}
+
+	/**
+	 * @dataProvider isValidPathData
+	 */
+	public function testIsValidPath($path, $expected) {
+		$this->assertSame($expected, \OC\Files\Filesystem::isValidPath($path));
+	}
+
 	public function normalizePathWindowsAbsolutePathData() {
 		return array(
 			array('C:/', 'C:\\'),