summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMorris Jobke <morris.jobke@gmail.com>2013-11-25 00:30:06 -0800
committerMorris Jobke <morris.jobke@gmail.com>2013-11-25 00:30:06 -0800
commitb82146eeee2c969a53dd42cebf06ecfd31a0e286 (patch)
tree069b4ddfbae3320740de6aa00445ba17a120c528
parent60e2ee631a9853a80506d547630e58a6efeace01 (diff)
parent2d947835b94362982c98caba68aa1073ab466249 (diff)
downloadnextcloud-server-b82146eeee2c969a53dd42cebf06ecfd31a0e286.tar.gz
nextcloud-server-b82146eeee2c969a53dd42cebf06ecfd31a0e286.zip
Merge pull request #5991 from owncloud/extstorage-mountpointvalidation
Prevent using root as mount point for external storage
-rwxr-xr-xapps/files_external/lib/config.php5
-rw-r--r--apps/files_external/tests/mountconfig.php51
2 files changed, 56 insertions, 0 deletions
diff --git a/apps/files_external/lib/config.php b/apps/files_external/lib/config.php
index 43643076519..aaa6c5be1a0 100755
--- a/apps/files_external/lib/config.php
+++ b/apps/files_external/lib/config.php
@@ -266,6 +266,11 @@ class OC_Mount_Config {
$mountType,
$applicable,
$isPersonal = false) {
+ $mountPoint = OC\Files\Filesystem::normalizePath($mountPoint);
+ if ($mountPoint === '' || $mountPoint === '/' || $mountPoint == '/Shared') {
+ // can't mount at root or "Shared" folder
+ return false;
+ }
if ($isPersonal) {
// Verify that the mount point applies for the current user
// Prevent non-admin users from mounting local storage
diff --git a/apps/files_external/tests/mountconfig.php b/apps/files_external/tests/mountconfig.php
new file mode 100644
index 00000000000..941aec680bb
--- /dev/null
+++ b/apps/files_external/tests/mountconfig.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Vincent Petry
+ * Copyright (c) 2013 Vincent Petry <pvince81@owncloud.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+require_once __DIR__ . '/../../../lib/base.php';
+
+require __DIR__ . '/../lib/config.php';
+
+class Test_Mount_Config_Dummy_Storage {
+ public function test() {
+ return true;
+ }
+}
+
+/**
+ * Class Test_Mount_Config
+ */
+class Test_Mount_Config extends \PHPUnit_Framework_TestCase {
+ /**
+ * Test mount point validation
+ */
+ public function testAddMountPointValidation() {
+ $storageClass = 'Test_Mount_Config_Dummy_Storage';
+ $mountType = 'user';
+ $applicable = 'all';
+ $isPersonal = false;
+ $this->assertEquals(false, OC_Mount_Config::addMountPoint('', $storageClass, array(), $mountType, $applicable, $isPersonal));
+ $this->assertEquals(false, OC_Mount_Config::addMountPoint('/', $storageClass, array(), $mountType, $applicable, $isPersonal));
+ $this->assertEquals(false, OC_Mount_Config::addMountPoint('Shared', $storageClass, array(), $mountType, $applicable, $isPersonal));
+ $this->assertEquals(false, OC_Mount_Config::addMountPoint('/Shared', $storageClass, array(), $mountType, $applicable, $isPersonal));
+
+ }
+}