diff options
| author | icewind1991 <icewind1991@gmail.com> | 2013-05-10 06:15:34 -0700 |
|---|---|---|
| committer | icewind1991 <icewind1991@gmail.com> | 2013-05-10 06:15:34 -0700 |
| commit | 5667d11f7d8869c915c30869cbd4174f08260e0f (patch) | |
| tree | 1d089d160a065c7c5d46bc052d0fa5d89e8f2b3d | |
| parent | c112ac440822c354818e3b904194c957b580b608 (diff) | |
| parent | 9134395b43bb92d31abc5de95fb00a024898cfc5 (diff) | |
| download | nextcloud-server-5667d11f7d8869c915c30869cbd4174f08260e0f.tar.gz nextcloud-server-5667d11f7d8869c915c30869cbd4174f08260e0f.zip | |
Merge pull request #3304 from owncloud/fix_bypass_fo_file_blacklist
Properly check file blacklist
| -rw-r--r-- | lib/files/cache/scanner.php | 10 | ||||
| -rw-r--r-- | lib/files/view.php | 20 |
2 files changed, 18 insertions, 12 deletions
diff --git a/lib/files/cache/scanner.php b/lib/files/cache/scanner.php index 5241acec1ee..661bc486330 100644 --- a/lib/files/cache/scanner.php +++ b/lib/files/cache/scanner.php @@ -62,7 +62,9 @@ class Scanner { * @return array with metadata of the scanned file */ public function scanFile($file, $checkExisting = false) { - if (!self::isIgnoredFile($file)) { + if ( ! self::isPartialFile($file) + and ! \OC\Files\Filesystem::isFileBlacklisted($file) + ) { \OC_Hook::emit('\OC\Files\Cache\Scanner', 'scan_file', array('path' => $file, 'storage' => $this->storageId)); $data = $this->getData($file); if ($data) { @@ -166,10 +168,8 @@ class Scanner { * @param String $file * @return boolean */ - public static function isIgnoredFile($file) { - if (pathinfo($file, PATHINFO_EXTENSION) === 'part' - || \OC\Files\Filesystem::isFileBlacklisted($file) - ) { + public static function isPartialFile($file) { + if (pathinfo($file, PATHINFO_EXTENSION) === 'part') { return true; } return false; diff --git a/lib/files/view.php b/lib/files/view.php index f89b7f66ffd..f35e1e3dc16 100644 --- a/lib/files/view.php +++ b/lib/files/view.php @@ -263,12 +263,13 @@ class View { if (is_resource($data)) { //not having to deal with streams in file_put_contents makes life easier $absolutePath = Filesystem::normalizePath($this->getAbsolutePath($path)); if (\OC_FileProxy::runPreProxies('file_put_contents', $absolutePath, $data) - && Filesystem::isValidPath($path) + and Filesystem::isValidPath($path) + and ! Filesystem::isFileBlacklisted($path) ) { $path = $this->getRelativePath($absolutePath); $exists = $this->file_exists($path); $run = true; - if ($this->fakeRoot == Filesystem::getRoot() && !Cache\Scanner::isIgnoredFile($path)) { + if ($this->fakeRoot == Filesystem::getRoot() && !Cache\Scanner::isPartialFile($path)) { if (!$exists) { \OC_Hook::emit( Filesystem::CLASSNAME, @@ -296,7 +297,7 @@ class View { list ($count, $result) = \OC_Helper::streamCopy($data, $target); fclose($target); fclose($data); - if ($this->fakeRoot == Filesystem::getRoot() && !Cache\Scanner::isIgnoredFile($path)) { + if ($this->fakeRoot == Filesystem::getRoot() && !Cache\Scanner::isPartialFile($path)) { if (!$exists) { \OC_Hook::emit( Filesystem::CLASSNAME, @@ -340,6 +341,7 @@ class View { \OC_FileProxy::runPreProxies('rename', $absolutePath1, $absolutePath2) and Filesystem::isValidPath($path2) and Filesystem::isValidPath($path1) + and ! Filesystem::isFileBlacklisted($path2) ) { $path1 = $this->getRelativePath($absolutePath1); $path2 = $this->getRelativePath($absolutePath2); @@ -348,7 +350,7 @@ class View { return false; } $run = true; - if ($this->fakeRoot == Filesystem::getRoot()) { + if ($this->fakeRoot == Filesystem::getRoot() && !Cache\Scanner::isPartialFile($path1)) { \OC_Hook::emit( Filesystem::CLASSNAME, Filesystem::signal_rename, array( @@ -376,7 +378,7 @@ class View { list($storage1, $internalPath1) = Filesystem::resolvePath($absolutePath1 . $postFix1); $storage1->unlink($internalPath1); } - if ($this->fakeRoot == Filesystem::getRoot()) { + if ($this->fakeRoot == Filesystem::getRoot() && !Cache\Scanner::isPartialFile($path1)) { \OC_Hook::emit( Filesystem::CLASSNAME, Filesystem::signal_post_rename, @@ -404,6 +406,7 @@ class View { \OC_FileProxy::runPreProxies('copy', $absolutePath1, $absolutePath2) and Filesystem::isValidPath($path2) and Filesystem::isValidPath($path1) + and ! Filesystem::isFileBlacklisted($path2) ) { $path1 = $this->getRelativePath($absolutePath1); $path2 = $this->getRelativePath($absolutePath2); @@ -606,7 +609,10 @@ class View { private function basicOperation($operation, $path, $hooks = array(), $extraParam = null) { $postFix = (substr($path, -1, 1) === '/') ? '/' : ''; $absolutePath = Filesystem::normalizePath($this->getAbsolutePath($path)); - if (\OC_FileProxy::runPreProxies($operation, $absolutePath, $extraParam) and Filesystem::isValidPath($path)) { + if (\OC_FileProxy::runPreProxies($operation, $absolutePath, $extraParam) + and Filesystem::isValidPath($path) + and ! Filesystem::isFileBlacklisted($path) + ) { $path = $this->getRelativePath($absolutePath); if ($path == null) { return false; @@ -635,7 +641,7 @@ class View { private function runHooks($hooks, $path, $post = false) { $prefix = ($post) ? 'post_' : ''; $run = true; - if (Filesystem::$loaded and $this->fakeRoot == Filesystem::getRoot() && !Cache\Scanner::isIgnoredFile($path)) { + if (Filesystem::$loaded and $this->fakeRoot == Filesystem::getRoot()) { foreach ($hooks as $hook) { if ($hook != 'read') { \OC_Hook::emit( |