diff options
| author | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2024-09-15 22:17:41 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-15 22:17:41 +0200 |
| commit | 038eff0b60eb4bac73519f99ec01d71f90a3b400 (patch) | |
| tree | 3727d3b1e275b8a2f080145c7b55689a8b019218 | |
| parent | 74597ecbb17a97a9b7372d6bced5041b6a17d010 (diff) | |
| parent | 01596b54c039a7f1b57fe4198f9c18a73aa8a6da (diff) | |
| download | nextcloud-server-038eff0b60eb4bac73519f99ec01d71f90a3b400.tar.gz nextcloud-server-038eff0b60eb4bac73519f99ec01d71f90a3b400.zip | |
Merge pull request #47795 from nextcloud/backport/47756/stable29
[stable29] fix(files): Check if target path is a descendant of the shared folder
| -rw-r--r-- | lib/private/Files/View.php | 3 | ||||
| -rw-r--r-- | tests/lib/Files/ViewTest.php | 10 |
2 files changed, 11 insertions, 2 deletions
diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php index efe3bcf5abc..b6b136ab178 100644 --- a/lib/private/Files/View.php +++ b/lib/private/Files/View.php @@ -1829,7 +1829,8 @@ class View { }, $providers)); foreach ($shares as $share) { - if (str_starts_with($targetPath, $share->getNode()->getPath())) { + $sharedPath = $share->getNode()->getPath(); + if ($targetPath === $sharedPath || str_starts_with($targetPath, $sharedPath . '/')) { $this->logger->debug( 'It is not allowed to move one mount point into a shared folder', ['app' => 'files']); diff --git a/tests/lib/Files/ViewTest.php b/tests/lib/Files/ViewTest.php index 16568e74a06..8396857e80f 100644 --- a/tests/lib/Files/ViewTest.php +++ b/tests/lib/Files/ViewTest.php @@ -1668,17 +1668,24 @@ class ViewTest extends \Test\TestCase { public function testMoveMountPointIntoSharedFolder() { self::loginAsUser($this->user); - [$mount1] = $this->createTestMovableMountPoints([ + [$mount1, $mount2] = $this->createTestMovableMountPoints([ $this->user . '/files/mount1', + $this->user . '/files/mount2', ]); $mount1->expects($this->never()) ->method('moveMount'); + $mount2->expects($this->once()) + ->method('moveMount') + ->willReturn(true); + $view = new View('/' . $this->user . '/files/'); $view->mkdir('shareddir'); $view->mkdir('shareddir/sub'); $view->mkdir('shareddir/sub2'); + // Create a similar named but non-shared folder + $view->mkdir('shareddir notshared'); $fileId = $view->getFileInfo('shareddir')->getId(); $userObject = \OC::$server->getUserManager()->createUser('test2', 'IHateNonMockableStaticClasses'); @@ -1697,6 +1704,7 @@ class ViewTest extends \Test\TestCase { $this->assertFalse($view->rename('mount1', 'shareddir'), 'Cannot overwrite shared folder'); $this->assertFalse($view->rename('mount1', 'shareddir/sub'), 'Cannot move mount point into shared folder'); $this->assertFalse($view->rename('mount1', 'shareddir/sub/sub2'), 'Cannot move mount point into shared subfolder'); + $this->assertTrue($view->rename('mount2', 'shareddir notshared/sub'), 'Can move mount point into a similarly named but non-shared folder'); $shareManager->deleteShare($share); $userObject->delete(); |