summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Reschke <lukas@owncloud.com>2015-02-06 15:49:16 +0100
committerLukas Reschke <lukas@owncloud.com>2015-02-06 15:49:16 +0100
commit2add5f76c58867d23cd9649d7298f40f0be0a42a (patch)
treed2b091e4b04becf807be4cada9b1b6259c182349
parentf22d8b5ad5493ee9207199241725074564f7573d (diff)
downloadnextcloud-server-2add5f76c58867d23cd9649d7298f40f0be0a42a.tar.gz
nextcloud-server-2add5f76c58867d23cd9649d7298f40f0be0a42a.zip
Normalize before processing
-rw-r--r--lib/files/filesystem.php9
-rw-r--r--lib/files/mapper.php2
-rw-r--r--tests/lib/files/filesystem.php22
-rw-r--r--tests/lib/files/mapper.php11
4 files changed, 39 insertions, 5 deletions
diff --git a/lib/files/filesystem.php b/lib/files/filesystem.php
index 95bdd100cbf..f57186a77dc 100644
--- a/lib/files/filesystem.php
+++ b/lib/files/filesystem.php
@@ -421,9 +421,10 @@ class Filesystem {
* @return bool
*/
static public function isFileBlacklisted($filename) {
+ $filename = self::normalizePath($filename);
$blacklist = \OC_Config::getValue('blacklisted_files', array('.htaccess'));
$filename = strtolower(basename($filename));
- return (in_array($filename, $blacklist));
+ return in_array($filename, $blacklist);
}
/**
@@ -587,6 +588,10 @@ class Filesystem {
if ($path == '') {
return '/';
}
+
+ //normalize unicode if possible
+ $path = \OC_Util::normalizeUnicode($path);
+
//no windows style slashes
$path = str_replace('\\', '/', $path);
@@ -615,8 +620,6 @@ class Filesystem {
$path = substr($path, 0, -2);
}
- //normalize unicode if possible
- $path = \OC_Util::normalizeUnicode($path);
return $path;
}
diff --git a/lib/files/mapper.php b/lib/files/mapper.php
index 748b65dc4f1..ca5cf399af5 100644
--- a/lib/files/mapper.php
+++ b/lib/files/mapper.php
@@ -230,7 +230,7 @@ class Mapper
// trim ending dots (for security reasons and win compatibility)
$text = preg_replace('~\.+$~', '', $text);
- if (empty($text)) {
+ if (empty($text) || \OC\Files\Filesystem::isFileBlacklisted($text)) {
return uniqid();
}
diff --git a/tests/lib/files/filesystem.php b/tests/lib/files/filesystem.php
index eb13b5a77b4..06501bfc56f 100644
--- a/tests/lib/files/filesystem.php
+++ b/tests/lib/files/filesystem.php
@@ -98,6 +98,28 @@ class Filesystem extends \PHPUnit_Framework_TestCase {
}
}
+public function isFileBlacklistedData() {
+ return array(
+ array('/etc/foo/bar/foo.txt', false),
+ array('\etc\foo/bar\foo.txt', false),
+ array('.htaccess', true),
+ array('.htaccess/', true),
+ array('.htaccess\\', true),
+ array('/etc/foo\bar/.htaccess\\', true),
+ array('/etc/foo\bar/.htaccess/', true),
+ array('/etc/foo\bar/.htaccess/foo', false),
+ array('//foo//bar/\.htaccess/', true),
+ array('\foo\bar\.HTAccess', true),
+ );
+ }
+
+ /**
+ * @dataProvider isFileBlacklistedData
+ */
+ public function testIsFileBlacklisted($path, $expected) {
+ $this->assertSame($expected, \OC\Files\Filesystem::isFileBlacklisted($path));
+ }
+
public function testNormalizeWindowsPaths() {
$this->assertEquals('/', \OC\Files\Filesystem::normalizePath(''));
$this->assertEquals('/', \OC\Files\Filesystem::normalizePath('\\'));
diff --git a/tests/lib/files/mapper.php b/tests/lib/files/mapper.php
index 48ae95b7e72..1b9685ba0e6 100644
--- a/tests/lib/files/mapper.php
+++ b/tests/lib/files/mapper.php
@@ -59,6 +59,15 @@ class Mapper extends \PHPUnit_Framework_TestCase {
$this->assertEquals('D:/folder.name.with.peri-ods/te-st-2.t-x-t', $this->mapper->slugifyPath('D:/folder.name.with.peri ods/te st.t x t', 2));
$this->assertEquals('D:/folder.name.with.peri-ods/te-st.t-x-t', $this->mapper->slugifyPath('D:/folder.name.with.peri ods/te st.t x t'));
-
+ // blacklisted files
+ $this->assertNotEquals('D:/.htaccess', $this->mapper->slugifyPath(' D:/.htaccess'));
+ $this->assertNotEquals('D:/.htaccess', $this->mapper->slugifyPath('D:/.htaccess '));
+ $this->assertNotEquals('D:/.htaccess', $this->mapper->slugifyPath(' D:/.htaccess '));
+ $this->assertNotEquals('D:/.htaccess', $this->mapper->slugifyPath('D:/.htaccess'));
+ $this->assertNotEquals('D:/.htaccess', $this->mapper->slugifyPath('D:/.htaccess.'));
+ $this->assertNotEquals('D:/.htaccess', $this->mapper->slugifyPath('D:/.htAccess'));
+ $this->assertNotEquals('D:/.htaccess', $this->mapper->slugifyPath('D:/.htAccess\…\/とa'));
+ $this->assertNotEquals('D:/.htaccess', $this->mapper->slugifyPath('D:/.htaccess-'));
+ $this->assertNotEquals('D:/.htaccess', $this->mapper->slugifyPath('D:/.htaあccess'));
}
}