summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRobin Appelman <robin@icewind.nl>2020-06-19 14:57:58 +0200
committerRobin Appelman <robin@icewind.nl>2021-03-24 17:13:09 +0100
commitaee4caed07bbb8739befd80c686e1f56943c4d12 (patch)
tree4e31cd860b486a281556b00ded552cfdcaf82b44
parent6e40c2fb52976e268821ae365c52dbb5253430a9 (diff)
downloadnextcloud-server-aee4caed07bbb8739befd80c686e1f56943c4d12.tar.gz
nextcloud-server-aee4caed07bbb8739befd80c686e1f56943c4d12.zip
show better error messages when a file with a forbidden path is encountered
Signed-off-by: Robin Appelman <robin@icewind.nl>
-rw-r--r--lib/private/Files/Storage/Local.php12
1 files changed, 4 insertions, 8 deletions
diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php
index 944b0b69959..c21364847e1 100644
--- a/lib/private/Files/Storage/Local.php
+++ b/lib/private/Files/Storage/Local.php
@@ -288,16 +288,14 @@ class Local extends \OC\Files\Storage\Common {
}
}
- private function treeContainsBlacklistedFile(string $path): bool {
+ private function checkTreeForForbiddenItems(string $path) {
$iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($path));
foreach ($iterator as $file) {
/** @var \SplFileInfo $file */
if (Filesystem::isFileBlacklisted($file->getBasename())) {
- return true;
+ throw new ForbiddenException('Invalid path: ' . $file->getPathname(), false);
}
}
-
- return false;
}
public function rename($path1, $path2) {
@@ -337,9 +335,7 @@ class Local extends \OC\Files\Storage\Common {
return $result;
}
- if ($this->treeContainsBlacklistedFile($this->getSourcePath($path1))) {
- throw new ForbiddenException('Invalid path', false);
- }
+ $this->checkTreeForForbiddenItems($this->getSourcePath($path1));
}
return rename($this->getSourcePath($path1), $this->getSourcePath($path2));
@@ -437,7 +433,7 @@ class Local extends \OC\Files\Storage\Common {
*/
public function getSourcePath($path) {
if (Filesystem::isFileBlacklisted($path)) {
- throw new ForbiddenException('Invalid path', false);
+ throw new ForbiddenException('Invalid path: ' . $path, false);
}
$fullPath = $this->datadir . $path;